ef9b08d2f0edec8d00176e716c3f313121820a1e6eb5e846dcd7"}, 0x10)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[ 3008.297342] *** Guest State ***
[ 3008.308529] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
04:15:24 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x3c, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3008.348338] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3008.397095] CR3 = 0x0000000000002000
[ 3008.415035] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3008.431532] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3008.438217] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3008.447863] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3008.473416] IPVS: ftp: loaded support on port[0] = 21
[ 3008.479410] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3008.492271] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3008.501277] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3008.509705] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3008.518138] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3008.526120] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3008.526139] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3008.526153] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3008.526175] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3008.542495] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3008.558810] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3008.575053] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3008.581617] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3008.589523] Interruptibility = 00000000  ActivityState = 00000000
04:15:24 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
socket$inet_dccp(0x2, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000080)=0x1e)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:24 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@mcast1, @in=@multicast1}}, {{@in=@multicast1}, 0x0, @in=@rand_addr}}, &(0x7f0000000180)=0xe8)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@pptp={0x18, 0x2, {0x2, @remote}}, 0x80, &(0x7f0000000140), 0xffffd48, &(0x7f0000001400)=ANY=[@ANYPTR64=&(0x7f0000000380)=ANY=[@ANYPTR64=&(0x7f0000000300)=ANY=[@ANYPTR, @ANYRESDEC=0x0, @ANYRESOCT=r1, @ANYRES32=r2, @ANYRESHEX], @ANYRES16, @ANYRES32=r0, @ANYRESDEC=r1, @ANYRES16=r2], @ANYRESDEC=r0, @ANYBLOB="37861d0ba51b9a90db1019987750c3349bbf69a1f0e6ee3a8bb5997649bce0ec39261b5c163e6441b3acbd62712162b03e623e831d93376c1034965b2a7db0504e001e6ab0e0f92e70fe0677f77fff6d324612a478a42675554b7dc0c73bf228f75606cdb51a83f46498f27db08275731bb03a1289813687f15c7a15429ab06c95fab99dc2b486fe592dca929c228d9972305b1e4aba4a56933fede9a5a80fdbd664745ea97de95a666260cace1907c35c1af6905834366be62de3fa7865059f05ac6db3ada1caa618015859cbe49852e5c2f9ef37acee83fad9aa5afbd33e60f4e124158ce0069005647a7e6e4f4ff104a3981e98ffc67836edef10f16aebfd126c85041408bc16f3848366fce4bfe51fd7b357ddbc54c47c5ffd2214dc836f4d962b92050f2c8a0a0ebe2317e8e4be79dc49bb5f08e4a8d798d9a32173826ab58e8d7e2817013a826261a434965a01f071d862264a6b42c3ee77abc9790d37e9766bd78e4c34679b42dadde407b1212620c0a4f6e8f03409108dc820ab2736e78853d99369520f313ef6f31f9c1d936ab6a870a2e521b00e1a7773774e0517890d382e0f38a7d757aaad5f56e4da40fd596f92cd5f6630363d78a5718669f0402d1a5cb23d7766b773a16c3459aaea9196801cc91ee6768aebc762b49f58078c14a88aadff603f9be65db32d6e2a04f0068934e52c2a9dd525ee5106da6a6ec55d67b893c3bd7c2a8360238c3e2d84e6e9f1346474aad6f472240e7f99c1bf1d6456f65db97401b78b219345730eb240a7c2556fa2b91159d08e2e736b27d03486bc9b7b3ddc664fc2901fa1892c934493c83aaea19a99e7cc390b1b328092870d7d7d7ec0da4652dd87effb8daea8f752185bbd7d86c01d35b82499c4f4eb48427dd7e35b2aa4e0c772fee9825b6699250b706ccbd56243c79a2070d0ed6c93892158519b1392ae14926ef377bb385d9bb2b1d235adfd22d46b759a490dd196042625ad5153cac829bb2927e6fa84a17a3fa4dde9c468c23189e407e5c63fe54a3343d14f1c3fa3557d64844239ca38e732f344f755f37f88d0035b3c490069646533b1cf8691ff35f0bc6a0d9ec689bbedbfedc92fa3aa0d7ed88992dd3330549d9ed52f1bc2d84cccf0f217eca78116538ea24c3d6fda62e61c6784d3029465bd4f367533bf75d44efd7ec35c2b74cca5549a41b612533ed2818a8d863effca97dd436bb78d1d6a3235f0db18a0693a655a3ad28457a650ff9ccb7ffdfb3f22e51d6ae90790cfdb58d00d7d836dc891fedcdfc703013cb96a94726bec10f426a333876e0557c5a46cceb6cbd1ddde6bec47a3bcded78026c05be800aea4afc87340fd079d493ffdb14f7d4b6a34f257a81d0d9e855cdb56f1dbd44f1de10cf553d30e2ff8f6a6b825a880257830f68dbbd628f2ff2a5a1bc9f5b28959c2d87115412beccead9e2de826e8367d4759d8f632921700bdce78db6142d4fedef3a418a0fd642fe6174b7ab331337c6ec9b17166bcbca6a5ad9faf818f4a1f78bb2aa1008d038cd9563815138a9189c3091e99a37b601308e5632655d7e8322288db85391758bde095b3615ebfb7116d28f0fefc51ed42ac004278b2ceb29b3504c031c314aed33ce2c7e4450fda323ea2027754bf24fa61605e0acc3b344eb7f4842c7919bc2e52c4cdd90c1d9fff31a4bd6152d52207ec23ffb08801375d59eb5be96b077e0231b40815bce996a9a5f7c72330bd84c7ba7ff8214b147137b2766f2e8b78374265244d55db5e30b5b6061866c09ee3923bbe41d995786e910cba17e60c723c85ad3fec8abc6c6ec2b65d8a22e877d9e9f08109a3826ff507144b80fda383e6e2c9e68aa102483c58a0583348f589c2ccf218a1308298f77261b9fcf442b6d9fc49fb2b0433c3c8155760ed1de6f7e3f60b62263b7150d491f2276f514b7302f1123ed620916275aebbdd769b720246fb67ed148bebf09cea42c1c68fd42c6cb01af9cd326bc9bb591c4c584fd410511eae9fc8e34bc9e3dcc6a36052adcaf3e47036af5b888f985fc2849ad8c6bbcfce8191964e6399a4ddfffb3b9aa4be8cb024575634a06319d8c79451b6243d8cd5a882b4a4e13be691e8c7dce58e1ac5149796d7c82fc997dfff43744b0e537c397f1f8ee2c8474a40aadcaa4ced2ea43b58df2a0f8f604a4b7078a75e89c9501306d4ff4872bc1a13717fd0cb1fef152229ee335920ceda29fa6bf49d0b420943bd1fd8667651651d6596ab06562581b873ab3d49b1a7112869ef75d31d35b5035765c420b7bd1d8bedc8762f48d2c69195384a4d23a8ce1bebcb1ea2e46273bfc08b193862656153a15ff51698d7322d13b368c7bd1e6d0bb4f4322c4c90d2125ebaa84ec2b5e8341547ed59ddd79c2b74e6b5dc6edc52a6e6e43d04ce0eddfbcad45c043271c1bae89e09d3f01e78af6435f3f40d1bab1105effa38ec920039b066d0080352fe4edc87c514cad211c9b87066f9b4bb6e2534ea3f30a5b2152675f5a1a30463174fd4836fed65ca81cefd4cf89aff67467ce4673dfd211035915f5890b210c7bea337cb62126607cc82c70ee9bb320965c00a38a20189a4b7d0a121107f6d92058ca06999801643846e670b74b4c4a6071b247dfc6ba53ab8bc76b484d2c21f391de380d5824559ba634344ef808c2580d4e878ea5ea621bcb7129edbccbc19b0e2676bc9c225ca453da64b2c1c809ebd02abd5a8eba05aa32545b4e4ea5fb491cec5b1e974e3258d1c0e89bedb128bca40940264d351c1cea88d9b22272d426e44ce56368877d000ef39a0f4ed67a81f7c975f397cd6371ae09d78c1dee5aa06eed2cb7fce6559421b327d993bd2beac1b9a35d799241cf1bf698154b2c2979834c9953dedfa9897865c255029339cc3dad46e5c36a935990360939a5c34a44445782001e2bbaec05ae8b68c30162a9f853788828650f3dd74047bb3cbf7199a4e88e61d311c4eb84e6679ea3f48057105d014b5a8d3927c038ef6ed3dfb0fe7b1f8cecaea9a4976119ca1c414330d6ba9968adf5f4b956dc037428d613da738f153b9430a4ebc44e5a546f8fc9a9743aa4d5b08d4042f0e035c7fb1a36ee5bc229957dbff10211217d182fe959170ddfabe3a8406a99829e481d2aa76982f16b8080b32ada6175263e1d7e846cffb5e5910edf81aebeb8fc17b53d85752c9fbc1dc8d76d15308642d94063f7efc52b6bae205f8cc5f386ba1d5dacc5bf1bbf2c162888fb471c14766a61e5dc28f153e7f1906990bfcd893615ab929839af456ac78dd424c5521e5fd385388a877dfb54a357259ee74bce771c0b9bf8f8314787c0dfd9d4c5961bc95e56b756886653ecf39c717c2e331752e43081deea25f54458840021b7254617a4f8690eda4418bcb1835ccecfacfdbd5692d54d5dcf2b0a275f99c4667171835cf21febf6ba367422af5bbcdae058ce606b5c5668ea023e314e7dc1f17889d750ed13375497501e0a095c3813ac9de89cb5655c1b4cb8ec07b93bcc96063fc6c297153379b1803ff31f369d9ce62ce6402bda3a55f7fddc6c4d9af1ee53128350ca86f59f610cca7968579162cf72ea9e278f09f338d217c6bcb7adbf1ec547a2a94b6dee6bcfb87c4c75be0753f69d401c9468b05fe590cd54f8e11dbfdc8cd014fa6912bba71ee0bb15a188470028376fa326e537dce8815b441be47b6d71aee5af5914d2f3013b1e496c2694a212516391d37ff1f9a076476b5125a7ab7d2539431508a653928b3e577ab500b57c20eeae3c591e88604ec1a17879aba29c38bf55d6aff7b77e82bf87fec39448c1cb182ecf5d906f1ef294826d71b6753f360f0f40e6bffa6f4f7c98fafb2948c2b6bfc0e2e853127f9af6a7f5dcbb0da7b2a906b88ce1f75254a5bf3085fce2434afb6d390ded40a56b875feb795134774abfab93e3ca32a2b22cdaeb44df33484b4be4bde3eb23365ff72858a383e0eff2ce00d820f1088dfb6efd223741bd1d64cd40b4f0dfc750392f67401f8c7a34aabe910158664576af9cd6a7afc6abe4320daa7f95a277c4d7c8183ae21e89e9689b5782fc10938b08e0e80a0f6b358adf4bbb5e64c40f0929b41990783b1b1c84474fcad4c3d9eb30efe81b1eaeedc128b7d18cc44e112b106f531cccd3509901697935ba44733bc7645088c44822cea7d4b85e07f78f885e5c844d94ef6da718726ea735b17d52bb7410b0a09919697fb7ddf976dc0452f34fae40204130edcb2fce9b37010fc3f2f7b567a2da68644a87f65477b7fc2eb1ee7a15b1f7703f355ae763e334617354c7442adbd22f94d29716047df60863e13feedc53cea694356e83395534092d3fac2f4bf5317c8da5681a1c24d9ed0037373b833877188fa479f0ba66811fba6f7fccf4263c62ca5084f8f7095642b1c43a9eb50ab24a0caeb90339d0927cf13d3f598afa54f92800e7955acbce385a37c08ea728d4b2d8242ab999ca348c8b459f7210e47ed85b2918a0002aba64a73039d0f5daeb2bbdd62320f4487b5d01d63610eb53dcfb87f8a4805e6d872cf4970b7044f431c9d1b4472dcd210af8caa697c8aae24701cf1aba45dea92f51f3aa26c546685c163ea2c2dcd6afda7e9f914aba6350d5bd61dc695c17a9bf714e9594703f135576a113a06e965c3f267eee39ed4dba0ab93b47542a34f442536417d734c5e141015593e1e7fcc4785547e08a3ad9f5ac916d43f6516b8c67a3a413e7a20bf6f2e93f36ac10a6fe2c3c41b5f677b1801aba537b11b30ea7b7268b41bf5b46555aa3ad7a0c18dcb13c0904de9f15d3844dfa95589366e724f3c8ccf86587fd1eeb44fbf601cfc64bc45c23c934f2b5e8e5e2279574dfaa799184c5aabcdf919d6ea37319ca2a08766021044406e170bc86cf6dbb8092b6a6c04034c9fe60f2f9edb6642340377c7f011235d57f158fb029bc992d6fa582913004227eb03840e5fd5386066a751aa2831a92d38231e3e5461d3ef6844fa124b0f59efef4578736b16ececb459f066c2cfb38b2f62d347746142e75dbfe768ddbb774db7287823d17a1d1bda60b5ff671951ee82887e55efaba811d61eb6ed8c8cb48978eda5b1b369a5c9d1281886c9c3ba6abc95f54d65f6723c72d00885eea5aee20301c29a8f049efae62859643092a8b5295ea271874ff8644901096d2c99fea34bd7b79a23ad23003dbcccc2b3e10f87917a18d3e8b68ea54002de4a038d4836b04c82b3cf16596a1963f462b895bf43577b105de0029040812b1236ec911e54ed2cbfc3306837e16ceba634913b17d7423896b47f315b75bc89af34aa76b49f654163e5462f1d0c3d6f97fc71dbb59b1f0c11cbfbe588caeb66aafc5172a4adcb4780cdf10f3f3621778981c81c2dbd51fdfbb54324957634b940c9d99118234333b11663117c86593992f7186965e1c942d69c93ed6bc8c0384b48f48754f35bd6ee04165395d53ea488b3947585c8351e22b20d89866c5f92a3b47ddeac14b1bf862aa4cf08ad425c35cb7856939181d8dc624623b9143c89779d8a67d4252975bcb7829da93783c8cd51f281170647f97612633a8262655475923ced224e01b23988027caaf9674b71c00dc7a9a79d2c64845f744e0b854a4d70d5214adb380be166081bda31010ff725f67cdf08464b6403a3dabec018da5ef5701d0a9e2fc2098468cef0bc91b8ee6c796db347ef91a0f14369a9755a37163014bd3661691926e8b63317246c8bed10ff62b7e51be253483ae7ebf8404ce1f586cb68cca3", @ANYPTR64, @ANYRES64=r2], 0xfffffddb}, 0x40000)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[ 3008.595775] *** Host State ***
[ 3008.599312] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018e5c7390
[ 3008.606073] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3008.627882] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3008.635701] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3008.642062] CR0=0000000080050033 CR3=00000001d91b0000 CR4=00000000001426e0
[ 3008.649248] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3008.656107] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3008.674875] *** Control State ***
[ 3008.707286] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3008.713971] EntryControls=0000d1ff ExitControls=002fefff
[ 3008.767238] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3008.774275] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3008.816714] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3008.823303]         reason=80000021 qualification=0000000000000000
[ 3008.838868] IDTVectoring: info=00000000 errcode=00000000
[ 3008.844366] TSC Offset = 0xfffff9b2a429a777
[ 3008.848793] EPT pointer = 0x000000010b0b101e
04:15:24 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:24 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0xffffff89, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:24 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000180)={0x0, <r2=>0x0})
r3 = syz_genetlink_get_family_id$team(&(0x7f0000000200)='team\x00')
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', <r4=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{}, 0x0, @in=@loopback}}, &(0x7f00000003c0)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000580)=0xe8)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in6, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@local}, 0x0, @in=@dev}}, &(0x7f00000006c0)=0xe8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000840)={'veth1_to_bond\x00', <r8=>0x0})
accept$packet(r0, &(0x7f0000000880)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000008c0)=0x14)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000009c0)={{{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000000ac0)=0xe8)
accept$packet(r0, &(0x7f0000000cc0)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000d00)=0x14)
getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000d40)={@loopback, <r12=>0x0}, &(0x7f0000000d80)=0x14)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000e00)={{{@in=@rand_addr, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}}, {{@in6=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000f00)=0xe8)
accept4$packet(r0, &(0x7f0000001240)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001280)=0x14, 0x80800)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000012c0)={{{@in=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r15=>0x0}}, {{@in6=@remote}, 0x0, @in6=@dev}}, &(0x7f00000013c0)=0xe8)
accept4$packet(r0, &(0x7f0000001400)={0x11, 0x0, <r16=>0x0}, &(0x7f0000001440)=0x14, 0x80800)
getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f00000014c0)={@ipv4={[], [], @remote}, <r17=>0x0}, &(0x7f0000001500)=0x14)
getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000001540)={@ipv4={[], [], @dev}, <r18=>0x0}, &(0x7f0000001580)=0x14)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000015c0)={{{@in=@loopback, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f00000016c0)=0xe8)
accept$packet(r0, &(0x7f0000001700)={0x11, 0x0, <r20=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001740)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001780)={'irlan0\x00', <r21=>0x0})
getpeername(r0, &(0x7f00000017c0)=@ll={0x11, 0x0, <r22=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001840)=0x80)
getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000001a00)={@ipv4={[], [], @broadcast}, <r23=>0x0}, &(0x7f0000001a40)=0x14)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000020c0)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r24=>0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f00000021c0)=0xe8)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000002200)={{{@in6, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r25=>0x0}}, {{@in6=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000002300)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000002340)={{{@in6=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r26=>0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in6=@local}}, &(0x7f0000002440)=0xe8)
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000002dc0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000002d80)={&(0x7f0000002480)=ANY=[@ANYBLOB='\x00\t\x00\x00', @ANYRES16=r3, @ANYBLOB="020027bd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB="400002003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="6c0102003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d00003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400d800000040000100240001006d6f646500000000000000000000000000000000000000000000000000000000080003000500000010000400726f756e64726f62696e0000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000100000008000600", @ANYRES32=r8, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000180000008000100", @ANYRES32=r9, @ANYBLOB="4400020040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000f04000008000600", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=r11, @ANYBLOB="7c00020038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000500000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004002700000008000600", @ANYRES32=r12, @ANYBLOB="08000100", @ANYRES32=r13, @ANYBLOB="880002004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000300000008000100", @ANYRES32=r14, @ANYBLOB="b80102003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400060000003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d00003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r16, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040000000000080007000000000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b000000080004000800000008000700000000004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000008000100", @ANYRES32=r17, @ANYBLOB="e801020040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r18, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000100008008000600", @ANYRES32=r19, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000800030003000000080004000500000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004000600000008000600", @ANYRES32=r20, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e740000000000000000000000000000080003000300000008000400ff7f0000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004002000000008000600", @ANYRES32=r21, @ANYBLOB="3800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r22, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r23, @ANYBLOB="08000100", @ANYRES32=r24, @ANYBLOB="b000020038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000400000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400050000003c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000000c000400060006052f00000008000100", @ANYRES32=r25, @ANYBLOB="6001020038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000900000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400fbffffff38000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400fd000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000900000008000600", @ANYRES32=r26, @ANYBLOB="38000100240001006d636173696e5f636f756e7400000000000000000000030000000800f13b72564e55030003001096faf38045896f00003c000100240001006c625f74785f6d6574686f64000000000000000001000000000000000000000008000300050000000c0004006861000000000000"], 0x900}, 0x1, 0x0, 0x0, 0x800}, 0x10)
r27 = syz_open_procfs(r2, &(0x7f0000000140)="6f906d5f73636f73799e72655f61446a00")
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r27, &(0x7f00000017c0), 0x1fe, 0x400000000000)

04:15:24 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:24 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000000), &(0x7f0000000080)=0x4)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:24 executing program 5:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x220000, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000200)={<r3=>0x0, 0xc79, 0x2, 0x200}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={r3, 0xffffffffffffc6ce}, 0x8)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc)

[ 3009.096901] *** Guest State ***
[ 3009.100327] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3009.126874] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
04:15:25 executing program 5:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(r0, &(0x7f0000000180)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000380)=[{&(0x7f0000000200)="9d9931a2dd9772864deb36e6d80a78a987f37a759937a696e02015b82ae8b85586991fa4517173fe54e54319e7621261a32ee4f3cf523d517839e8961e87eeccfd5c46088bb360426ed6619718d79492dd70da73d14021b31df36cf3f73caf76f7c8f450d2c0ee469f81485ca063cbff20c368c8a855bd9ae08e747178af5cc9fded110841f1e4f409d896868f1f0093021fbc2e349e282fa86e2563485947ecb1182a45e247987bb22ff26b65562a8158866f5bd63fc659dd56ee87369b", 0xbe}, {&(0x7f00000002c0)="444786eb041d4e8a5402aa3ac6780949c2893068ff21622efb48a700054a4a90d558fad96ea4b673669beb71b237877b550226ecb023d4c1b424906a86dab40b642db52bafb09f242c10253ab5bcce266a29da5409ff0f3969fa0bd5b95cd99d4e7378d1e75d328408563128009d6bf70e71fba4280f0e8d09fc49f5f74ee4c5282dbf98aacfba52274c7897ba497b9f3f6a85d56f0418c30e411f877d898d", 0x327}], 0x2, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[ 3009.175714] CR3 = 0x0000000000002000
[ 3009.179853] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3009.186511] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3009.193667] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3009.206774] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3009.215067] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3009.237920] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3009.275392] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3009.288862] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3009.299587] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3009.331119] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3009.352408] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3009.371578] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3009.379892] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3009.388178] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3009.397076] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3009.405145] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3009.411908] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3009.419667] Interruptibility = 00000000  ActivityState = 00000000
[ 3009.425984] *** Host State ***
[ 3009.429483] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018e107390
[ 3009.435533] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3009.442274] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3009.450899] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3009.456935] CR0=0000000080050033 CR3=0000000177249000 CR4=00000000001426e0
[ 3009.467076] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3009.473877] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3009.480335] *** Control State ***
[ 3009.483890] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3009.490993] EntryControls=0000d1ff ExitControls=002fefff
[ 3009.496566] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3009.503874] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3009.511360] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3009.524317]         reason=80000021 qualification=0000000000000000
[ 3009.531362] IDTVectoring: info=00000000 errcode=00000000
[ 3009.536961] TSC Offset = 0xfffff9b237c9c57e
[ 3009.541349] EPT pointer = 0x00000001c450801e
[ 3009.857728] device bridge_slave_1 left promiscuous mode
[ 3009.863232] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3009.917229] device bridge_slave_0 left promiscuous mode
[ 3009.922690] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3010.763078] team0 (unregistering): Port device team_slave_1 removed
[ 3010.771614] team0 (unregistering): Port device team_slave_0 removed
[ 3010.780649] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 3010.819262] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 3010.871811] bond0 (unregistering): Released all slaves
[ 3011.028694] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3011.035062] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3011.042156] device bridge_slave_0 entered promiscuous mode
[ 3011.078894] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3011.085317] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3011.092832] device bridge_slave_1 entered promiscuous mode
[ 3011.127242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 3011.165524] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 3011.269038] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 3011.305773] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 3011.448586] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 3011.455650] team0: Port device team_slave_0 added
[ 3011.476913] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 3011.483968] team0: Port device team_slave_1 added
[ 3011.506843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3011.534708] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3011.562277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3011.586024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3011.844896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3011.851273] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3011.857900] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3011.864232] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3012.577632] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3012.652312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 3012.721877] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 3012.728028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3012.734900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3012.804934] 8021q: adding VLAN 0 to HW filter on device team0
04:15:29 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:29 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@dstopts={0x87, 0x5, [], [@pad1, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn, @calipso={0x7, 0x20, {0x4, 0x6, 0x0, 0xffff, [0xfffffffffffffffe, 0x2, 0x5]}}]}, 0x38)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:29 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff76}, 0x0, 0x0, r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x3, 0x40000)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

04:15:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x88, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:29 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x101002, 0x0)
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x31)
r1 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000200)={0x50, 0x0, 0x1, {0x7, 0x1b, 0x7f, 0x4202, 0x2, 0x7, 0x8, 0x8}}, 0x50)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

04:15:29 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$RTC_UIE_OFF(r0, 0x7004)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[ 3013.327998] *** Guest State ***
[ 3013.331314] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3013.341068] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3013.359100] CR3 = 0x0000000000002000
[ 3013.363007] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:15:29 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3013.376735] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3013.383402] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:29 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000), 0x4)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x1ff)

[ 3013.432987] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3013.460537] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3013.470573] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:15:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x3a, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:29 executing program 5:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000900)=0x8000)
syz_open_dev$admmidi(&(0x7f0000000940)='/dev/admmidi#\x00', 0x5e19, 0xb0200)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000)
syz_mount_image$f2fs(&(0x7f0000000140)='f2fs\x00', &(0x7f0000000180)='./file0\x00', 0xfa6, 0x7, &(0x7f0000000740)=[{&(0x7f0000000200)="e9dccfec5c31db7297e999d3c683f01053aab8140cc8e97ab1fbb4d800a89341b7a6993df8cf14e87e589379dedc9417ab4c919c273fb2f23b77c4a75d86eae96121a099fb0d5b3806e6ba8d62e0f169b5923e7d018c2de8c144fbadeba8e8b2270da4f88a6dd925f938c0bc357d2ab7c7a86bcf53c578a94c50be183475c238477f127b522827b21b975c1b7f4c3367a977cd73c7f4f97ae155a02b168097bcea1db16d2b6a5ecfafd72e53c66254253cd21caa4b6d0a502853fe29324599a1bfa26d7fb942fd", 0xc7, 0x96}, {&(0x7f0000000300)="f59c5c93d5efb7be6c4aa0cd9aeb88310a4bc1630e27bc134c83c7614115dd92eafce3f686f1a7121b99734f65ffee1c837e0403e7e65d58e3b5beb365f9f1e62b1792fa9c0cd1ff9ea80ed4828351167a7c840d1d0cd823e3ac0789915c8230902b1f6a24550198f1d48abc797b488b261d4836c4364d3ffb38c0b99fac6aaf118fe13843cbc7ad60535e52488b5c90a9201814ed06a5f1f60263822b7435a6920f7fdaecce9ac14674c2b70e33411437022c7c9d51319d2fa2350a1a87b85cea157ec49082a35a0c668b66aa52e9ed10949ce9c63be4fd54db2254a7d5af68b26cb055520091d6a1256d2b3421899ac50d041eba2c110651a6", 0xfa, 0x165}, {&(0x7f0000000400)="95631ca3c5d51fb80074e50ac6d66131d0209c6e3568b8b23ff48d4c9b8bc5139798f34ca92498fac3faec598413efca927b43bb4bebef62f97f88f527b98d02b9aea9027ff8bf3662b5b4c8cab5a3bf2829101b7e0913fe140c8e97e2f27e0dc0162a69c8cb2ed21c93712719ad436c5bc30a001fce8751221ba9c46a3d530bbf5b65de6e4418dff67a73548ce07c3d691f3d5f97fa2725d6399caf3a613424ddd68056ecaada63", 0xa8, 0x7e4f}, {&(0x7f00000004c0)="1819daeea094a24bed61c99f53bc50436d14f349939105701a7e8aaf7ad1ebbbaa41c7f4ed479bbc9f804f129e76f423a5424f890dfc9087d77557653bc22b268b0f61e2a3a85fd9514330dc57e332d55d5710bedc5b39335be96bec49d1bd16373b21f09f0434dc8e8193492826ca9b7ec4d593cf32d7b1786a4cf9f07ef667a323d8785f5c171f292ba0bd3b389dcb6b0e491521a79320489795384744b7fb58abc35c530213afa964274978afdfe87d651fd7aee99d", 0xb7}, {&(0x7f0000000580)="7d2a77ec8f2c70e7f9255c24fca4ca5d02d6269a931eec5010372c426e413bf21db449932cf77dd9e8609f6b1edb184a3b1fdc07a6", 0x35}, {&(0x7f00000005c0)="5231b5fa6303f3346cbfadef46186b9771cdac98a9eda496671bdc2e710aaaff648a0a903fa5d4ade93ffcb481aa5fc3f34599991cfe9f1a3d79a32c65c0986300a41be51aa7a5d2b48231361ae6f431510a5cec6dffd118f0d6ea7310536fac7aa914d005ff8c1bd96413951e7167", 0x6f, 0x251b}, {&(0x7f0000000640)="ee22ec231e7d10640ac8f059e62a3ba4e24063e51aa14bf110cd08c99103ad81e5b2e43630be776749a31d11b62f8c1cbbfd79b98e3eceab615ac12dcb7b5dc8e81e767fc6591a994c4e1de51dd116a277ead924a8b7ed2629c9d39c858aef6ad452a96f13c73645a1bd211189f6186bd9055fe6d071fbe99b1f3342536259328db02b550ede03425b569ee51ba4e4b536bf3209abcd30685b1ec22f32c650ff31d508f35bd7f235d8acb87875f5b983c4a198af5eb5bebff0e8fe83bdb4a463b3504062279c2c1282f8301625c5f076165367c7f4bd40d62571d2c48209fe72381f8346326cdc51c1750648ee72ad9321", 0xf1, 0x8}], 0x800000, &(0x7f0000000800)={[{@noacl='noacl'}, {@whint_mode_off='whint_mode=off'}, {@norecovery='norecovery'}, {@noinline_data='noinline_data'}, {@alloc_mode_def='alloc_mode=default'}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@subj_type={'subj_type', 0x3d, 'oom_score_adj\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x5}}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@hash='hash'}, {@fsuuid={'fsuuid', 0x3d, {[0x79, 0x0, 0x7f, 0x75, 0x7f, 0x77, 0x31, 0x76], 0x2d, [0x34, 0x7f, 0x3a, 0x67], 0x2d, [0x7f, 0x77, 0x77, 0x77], 0x2d, [0x66, 0x64, 0x75, 0x33], 0x2d, [0x7d, 0x0, 0x3e, 0x32, 0x7f, 0x36, 0x0, 0x77]}}}, {@seclabel='seclabel'}, {@appraise='appraise'}]})

[ 3013.491329] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3013.506245] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3013.533715] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3013.559018] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3013.571508] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:29 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3013.579754] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3013.588620] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3013.596947] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3013.619826] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3013.636187] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3013.644613] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3013.655326] Interruptibility = 00000000  ActivityState = 00000000
[ 3013.661817] *** Host State ***
[ 3013.665186] RIP = 0xffffffff811f9ed3  RSP = 0xffff880114017390
[ 3013.671648] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 3013.675459] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3013.686501] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 3013.690880] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3013.702445] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 3013.709608] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3013.715698] CR0=0000000080050033 CR3=00000001abd34000 CR4=00000000001426f0
[ 3013.721655] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[ 3013.726966] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
04:15:29 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf5ffffff00000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3013.730699] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 3013.756175] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 3013.764199] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 3013.771706] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
04:15:29 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000001c0), &(0x7f0000000240)=0x68)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={<r3=>0x0, r2, 0x0, 0x14, &(0x7f0000000280)='security.capability\x00'}, 0x30)
ptrace$getsig(0x4202, r3, 0x3, &(0x7f0000000300))
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket(0xa, 0x1, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x6, &(0x7f0000000040), &(0x7f0000013000)=0x221)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x5, 0x84)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r6 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0x7fff)
lsetxattr$security_capability(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000180)=@v2={0x2000000, [{0x4e0f, 0x9}, {0x9, 0x24}]}, 0x14, 0x1)
syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0x7, 0xe3309fd61b98cb12)
sendfile(r1, r6, &(0x7f0000d83ff8), 0x8000fffffffe)

[ 3013.789384] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3013.796928] *** Control State ***
[ 3013.801001] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3013.824024] EntryControls=0000d1ff ExitControls=002fefff
04:15:29 executing program 5:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x4000, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x0, 0x400000000000)

[ 3013.837641] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3013.846602] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3013.855838] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3013.863219]         reason=80000021 qualification=0000000000000000
[ 3013.870406] IDTVectoring: info=00000000 errcode=00000000
[ 3013.875936] TSC Offset = 0xfffff9aff1fbca28
[ 3013.880381] EPT pointer = 0x00000001bf38501e
04:15:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:29 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x86ddffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:29 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_procfs(r1, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

04:15:29 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f00000001c0), &(0x7f0000000240)=0x68)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={<r3=>0x0, r2, 0x0, 0x14, &(0x7f0000000280)='security.capability\x00'}, 0x30)
ptrace$getsig(0x4202, r3, 0x3, &(0x7f0000000300))
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket(0xa, 0x1, 0x0)
getsockopt$inet6_int(r5, 0x29, 0x6, &(0x7f0000000040), &(0x7f0000013000)=0x221)
mmap(&(0x7f0000000000/0xfe3000)=nil, 0xfe3000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
close(r4)
socket$inet_sctp(0x2, 0x5, 0x84)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r6 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r6, 0x7fff)
lsetxattr$security_capability(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000180)=@v2={0x2000000, [{0x4e0f, 0x9}, {0x9, 0x24}]}, 0x14, 0x1)
syz_open_dev$usbmon(&(0x7f0000000340)='/dev/usbmon#\x00', 0x7, 0xe3309fd61b98cb12)
sendfile(r1, r6, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:30 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x484000, 0x0)
ioctl$KDSETLED(r0, 0x4b32, 0x4)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0xad3)
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000002c0)={0x3, 0x1, &(0x7f0000000200)=""/84, &(0x7f0000000180)=""/36, &(0x7f0000000280)=""/30, 0xf003})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
getsockopt$inet6_dccp_buf(r1, 0x21, 0xc0, &(0x7f0000000340)=""/183, &(0x7f0000000400)=0xb7)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

04:15:30 executing program 5:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
msync(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1)
syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x2000)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000200)={0x0, 0x6c, &(0x7f0000000140)="d7b32e10cf42aecd1fcf1ad7b379ec8243fca87bcf8cd46e1b3cefa7ca3d418242bfd1441b7cca85a4d7f9362bf367af4a1493b8a78b4aeefa816a7193c7d0d91234a3e3d8a098d9522b5a42413597173e5b59afe46d4b9613f9d4b9ff0f9926aa9232bb43bff74644c6cada"})
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000)
shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ffa000/0x4000)=nil)

[ 3014.159559] *** Guest State ***
[ 3014.162892] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3014.196172] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3014.205312] CR3 = 0x0000000000002000
04:15:30 executing program 5:
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={<r1=>0x0, 0x71, "8feb8103437a85afa4893e01f38f12c32b6281ca2c9d54a5443c37c692c2bff4c0f212e5c331edf863118375c353977f1919295bcda17de47f99377ae05959416c0ff6cb2f9f6737c79f1a76f141505351434650cb25ac1b7b8e01e50a4c787479d09564f614411d20e6144a399414887a"}, &(0x7f0000000280)=0x79)
getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000002c0)={r1, 0x80000000}, &(0x7f0000000300)=0x8)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
r3 = inotify_add_watch(r2, &(0x7f0000000180)='./file0\x00', 0x1)
inotify_rm_watch(r0, r3)
write$FUSE_LSEEK(r0, &(0x7f0000000140)={0x18, 0xffffffffffffffda, 0x1, {0x7}}, 0x18)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1fe, 0x400000000000)

[ 3014.209486] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3014.216130] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3014.223228] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3014.239152] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3014.247231] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
04:15:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x43050000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3014.261596] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3014.286496] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:30 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000001c0)={0x5, &(0x7f0000000080)=[{}, {<r2=>0x0}, {}, {}, {}]})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000240)={r2, &(0x7f0000000200)=""/49})
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000000)={0x0, 0x1, 0x1, 0xbd, 0xd24f})
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r3 = open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0)
ftruncate(r3, 0x7fff)
sendfile(r3, r3, &(0x7f0000000180), 0x8000fffffffe)

[ 3014.343204] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:30 executing program 5:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000)
accept4$bt_l2cap(r0, 0x0, &(0x7f0000000140), 0x80000)

[ 3014.397513] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3014.411979] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3014.444550] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3014.461657] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3014.470196] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3014.507944] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3014.525446] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3014.540467] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3014.548115] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3014.577940] Interruptibility = 00000000  ActivityState = 00000000
[ 3014.584325] *** Host State ***
[ 3014.588004] RIP = 0xffffffff811f9ed3  RSP = 0xffff880114017390
[ 3014.594089] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3014.602445] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3014.610408] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3014.616368] CR0=0000000080050033 CR3=00000001d4c29000 CR4=00000000001426f0
[ 3014.626792] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3014.633677] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3014.640336] *** Control State ***
[ 3014.650579] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3014.662718] EntryControls=0000d1ff ExitControls=002fefff
[ 3014.668340] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3014.675296] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3014.682029] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3014.688822]         reason=80000021 qualification=0000000000000000
[ 3014.695124] IDTVectoring: info=00000000 errcode=00000000
[ 3014.700608] TSC Offset = 0xfffff9af81e22e4d
[ 3014.704935] EPT pointer = 0x00000001abcf401e
04:15:30 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x27a333bae12]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x700]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:33 executing program 2:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000080)={0x1, 0x8, [0x80, 0x0]})
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000))
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x28, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:33 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000013000))

04:15:33 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:33 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000001}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:33 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
syncfs(r0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000000040), 0xc8, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x3, @loopback, 0xbcf5}, 0x1c)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
ioctl$DRM_IOCTL_ADD_BUFS(r1, 0xc0206416, &(0x7f0000000040)={0x9, 0x773, 0x4, 0x2, 0x1c, 0xffffffffffffffc1})
r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x107ff8)
sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe)

[ 3017.268070] *** Guest State ***
[ 3017.274959] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
04:15:33 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
nanosleep(&(0x7f0000000000)={0x77359400}, 0x0)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe)

04:15:33 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800000000002)

04:15:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x6488, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3017.383450] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3017.415213] CR3 = 0x0000000000002000
[ 3017.433175] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3017.444378] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3017.451306] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3017.458421] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3017.458479] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 3017.464623] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3017.488982] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3017.497430] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3017.525787] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:33 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3017.576921] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3017.616793] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:33 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800000000005)

[ 3017.624876] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3017.646722] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3017.660905] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3017.683334] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3017.700671] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3017.709666] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3017.717271] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3017.724855] Interruptibility = 00000000  ActivityState = 00000000
04:15:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffffffa0008000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3017.745284] *** Host State ***
[ 3017.759162] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6307390
[ 3017.775895] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3017.784858] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
04:15:33 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3017.793596] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3017.799864] CR0=0000000080050033 CR3=00000001c3c6c000 CR4=00000000001426e0
[ 3017.807161] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3017.813935] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3017.820276] *** Control State ***
[ 3017.823834] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3017.830650] EntryControls=0000d1ff ExitControls=002fefff
[ 3017.841409] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3017.849072] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3017.855840] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3017.869665]         reason=80000021 qualification=0000000000000000
[ 3017.878951] IDTVectoring: info=00000000 errcode=00000000
[ 3017.887105] TSC Offset = 0xfffff9add50f53d9
04:15:33 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800000000004)

[ 3017.893758] EPT pointer = 0x00000001cce2001e
04:15:33 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:33 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:33 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x12ae3b337a020000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:33 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x600000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3018.057128] *** Guest State ***
[ 3018.060464] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3018.083896] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3018.093699] CR3 = 0x0000000000002000
[ 3018.098557] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3018.105195] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3018.111929] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3018.118077] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3018.124126] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3018.130841] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3018.138889] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3018.146935] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3018.154902] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3018.162903] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3018.170889] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3018.178914] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3018.187136] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3018.195094] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:15:34 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0xa00000000000000, 0x8000fffffffe)

04:15:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800000000004)

[ 3018.203113] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3018.211126] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3018.217593] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3018.225048] Interruptibility = 00000000  ActivityState = 00000000
[ 3018.231322] *** Host State ***
[ 3018.241019] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a62a7390
[ 3018.247166] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3018.253916] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3018.261837] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3018.269254] CR0=0000000080050033 CR3=0000000107b73000 CR4=00000000001426f0
[ 3018.299828] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3018.320302] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
04:15:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf0ffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:34 executing program 2:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3018.349020] *** Control State ***
[ 3018.360490] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3018.386553] EntryControls=0000d1ff ExitControls=002fefff
[ 3018.421280] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3018.436731] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3018.443407] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3018.460149]         reason=80000021 qualification=0000000000000000
[ 3018.466481] IDTVectoring: info=00000000 errcode=00000000
04:15:34 executing program 2:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8), 0x800000000004)

[ 3018.497986] TSC Offset = 0xfffff9ad6bcaec2a
[ 3018.506975] EPT pointer = 0x00000001d806f01e
04:15:34 executing program 2:
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:34 executing program 4:
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0)
preadv(r0, &(0x7f00000017c0), 0x1e8, 0x400000000000)

04:15:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf0ffffffffffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x91ffffff]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:34 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0x20000000, 0x8000fffffffe)

04:15:34 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0x1000000, 0x8000fffffffe)

04:15:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:34 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0xd, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:35 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:35 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x80350000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:35 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0x3, 0x8000fffffffe)

04:15:35 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3019.188828] *** Guest State ***
[ 3019.192317] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3019.225485] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3019.236923] CR3 = 0x0000000000002000
[ 3019.240705] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3019.257866] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3019.266437] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3019.275264] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3019.281512] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3019.292198] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3019.300289] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.326921] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.334957] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.347700] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.355700] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.363979] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3019.372560] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3019.380803] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3019.388872] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3019.406772] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3019.424395] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3019.432818] Interruptibility = 00000000  ActivityState = 00000000
[ 3019.439081] *** Host State ***
[ 3019.439095] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a0da7390
[ 3019.439116] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3019.457259] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3019.465070] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3019.471169] CR0=0000000080050033 CR3=00000001c211f000 CR4=00000000001426e0
[ 3019.478634] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3019.485323] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3019.491488] *** Control State ***
[ 3019.494941] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3019.501647] EntryControls=0000d1ff ExitControls=002fefff
[ 3019.507124] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3019.514031] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3019.520717] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3019.527439]         reason=80000021 qualification=0000000000000000
[ 3019.533758] IDTVectoring: info=00000000 errcode=00000000
[ 3019.539242] TSC Offset = 0xfffff9accf6efef3
[ 3019.543572] EPT pointer = 0x00000001ccc3101e
04:15:35 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:35 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0xd, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:35 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:35 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0x100000, 0x8000fffffffe)

04:15:35 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x7000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:35 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3019.859518] *** Guest State ***
[ 3019.862854] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3019.874490] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3019.883611] CR3 = 0x0000000000002000
[ 3019.887544] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3019.894212] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3019.901727] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:35 executing program 5:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
r1 = dup(r0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6)
sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x7fff)
sendfile(r1, r2, &(0x7f0000d83ff8)=0x100000, 0x8000fffffffe)

[ 3019.914969] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3019.921365] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3019.935304] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3019.951002] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:35 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3019.965140] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.973604] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3019.993632] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.004298] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.012650] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3020.022944] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3020.031414] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3020.039870] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3020.048762] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3020.055367] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
04:15:35 executing program 4 (fault-call:6 fault-nth:0):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:35 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8847, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3020.063295] Interruptibility = 00000000  ActivityState = 00000000
[ 3020.072668] *** Host State ***
[ 3020.076035] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6307390
[ 3020.082593] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3020.089470] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3020.133920] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3020.144466] CR0=0000000080050033 CR3=00000001c102f000 CR4=00000000001426f0
[ 3020.159636] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3020.166633] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3020.173868] *** Control State ***
04:15:36 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3020.177937] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3020.184745] EntryControls=0000d1ff ExitControls=002fefff
[ 3020.198325] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3020.208800] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3020.217833] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3020.225033]         reason=80000021 qualification=0000000000000000
[ 3020.231811] IDTVectoring: info=00000000 errcode=00000000
[ 3020.237935] TSC Offset = 0xfffff9ac6da61e00
[ 3020.242421] EPT pointer = 0x0000000117edd01e
04:15:36 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:36 executing program 5 (fault-call:8 fault-nth:0):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:15:36 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x0, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:36 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x500]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:36 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x608, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:36 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3020.687139] *** Guest State ***
[ 3020.690620] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3020.704519] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3020.713606] CR3 = 0x0000000000002000
[ 3020.717383] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3020.723886] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3020.730482] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:36 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

[ 3020.736474] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3020.742517] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3020.749649] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3020.757715] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.765749] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.774124] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.782188] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.790213] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3020.798280] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3020.806273] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3020.814314] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3020.822523] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3020.830931] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3020.837368] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3020.844841] Interruptibility = 00000000  ActivityState = 00000000
[ 3020.851102] *** Host State ***
[ 3020.854296] RIP = 0xffffffff811f9ed3  RSP = 0xffff88012c85f390
[ 3020.860301] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3020.866773] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3020.874554] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3020.880506] CR0=0000000080050033 CR3=00000001bfe6a000 CR4=00000000001426e0
[ 3020.887550] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3020.894208] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3020.900285] *** Control State ***
[ 3020.903736] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3020.910423] EntryControls=0000d1ff ExitControls=002fefff
[ 3020.915906] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3020.922851] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3020.929533] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3020.936109]         reason=80000021 qualification=0000000000000000
[ 3020.936917] FAULT_INJECTION: forcing a failure.
[ 3020.936917] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3020.942450] IDTVectoring: info=00000000 errcode=00000000
[ 3020.942463] TSC Offset = 0xfffff9abfd53ee61
[ 3020.942482] EPT pointer = 0x00000001872bc01e
[ 3020.955142] CPU: 0 PID: 9107 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3020.964259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3020.964270] Call Trace:
[ 3020.977070]  dump_stack+0x244/0x3ab
[ 3020.977090]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3020.977108]  ? __switch_to_asm+0x34/0x70
[ 3021.001899]  should_fail.cold.4+0xa/0x17
[ 3021.005979]  ? __switch_to_asm+0x34/0x70
[ 3021.010041]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 3021.015236]  ? __switch_to_asm+0x40/0x70
[ 3021.019296]  ? __schedule+0x8d7/0x21d0
[ 3021.023192]  ? __sched_text_start+0x8/0x8
[ 3021.027347]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.032881]  ? xas_start+0x23d/0x740
[ 3021.036583]  ? fs_reclaim_acquire+0x20/0x20
[ 3021.040890]  ? lock_downgrade+0x900/0x900
[ 3021.045052]  ? lock_release+0xa10/0xa10
[ 3021.049011]  ? perf_trace_sched_process_exec+0x860/0x860
[ 3021.054442]  ? __zone_watermark_ok+0x330/0x7b0
[ 3021.059011]  ? __might_sleep+0x95/0x190
[ 3021.062971]  __alloc_pages_nodemask+0x34b/0xdd0
[ 3021.067626]  ? __alloc_pages_slowpath+0x2de0/0x2de0
[ 3021.072637]  ? mpol_shared_policy_lookup+0xf7/0x150
[ 3021.077640]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 3021.083158]  alloc_pages_vma+0x11e/0x4a0
[ 3021.087208]  shmem_alloc_page+0xa5/0x190
[ 3021.091254]  ? shmem_swapin+0x230/0x230
[ 3021.095371]  shmem_alloc_and_acct_page+0x248/0xdb0
[ 3021.100285]  ? shmem_getattr+0x2c0/0x2c0
[ 3021.104330]  ? mark_held_locks+0x130/0x130
[ 3021.108552]  ? mark_held_locks+0x130/0x130
[ 3021.112774]  ? mark_held_locks+0x130/0x130
[ 3021.116992]  ? mark_held_locks+0x130/0x130
[ 3021.121214]  shmem_getpage_gfp+0x71d/0x4840
[ 3021.125522]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3021.130605]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 3021.135643]  ? bpf_prog_kallsyms_find+0xde/0x4a0
[ 3021.140389]  ? is_bpf_text_address+0xac/0x170
[ 3021.144868]  ? lock_downgrade+0x900/0x900
[ 3021.149001]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.153912]  ? kasan_check_read+0x11/0x20
[ 3021.158043]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3021.163301]  ? rcu_softirq_qs+0x20/0x20
[ 3021.167257]  ? unwind_dump+0x190/0x190
[ 3021.171146]  ? mark_held_locks+0x130/0x130
[ 3021.175366]  ? mark_held_locks+0x130/0x130
[ 3021.179587]  ? __save_stack_trace+0x8d/0xf0
[ 3021.183891]  ? mark_held_locks+0x130/0x130
[ 3021.188112]  ? mark_held_locks+0x130/0x130
[ 3021.192328]  ? save_stack+0xa9/0xd0
[ 3021.195935]  ? save_stack+0x43/0xd0
[ 3021.199552]  ? kasan_kmalloc+0xc7/0xe0
[ 3021.203420]  ? kasan_slab_alloc+0x12/0x20
[ 3021.207550]  ? kmem_cache_alloc+0x12e/0x730
[ 3021.211853]  ? __d_alloc+0xc8/0xb90
[ 3021.215460]  ? d_alloc+0x96/0x380
[ 3021.218897]  ? d_alloc_parallel+0x15a/0x1f40
[ 3021.223282]  ? __lookup_slow+0x1e6/0x540
[ 3021.227325]  ? lookup_slow+0x57/0x80
[ 3021.231040]  ? link_path_walk.part.40+0x6d8/0x1530
[ 3021.235952]  ? mark_held_locks+0x130/0x130
[ 3021.240171]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3021.245520]  ? memcg_kmem_put_cache+0x1d1/0x300
[ 3021.250172]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.255698]  ? xas_start+0x23d/0x740
[ 3021.259397]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.264917]  ? xas_descend+0x201/0x510
[ 3021.268789]  ? xa_destroy+0x4d0/0x4d0
[ 3021.272591]  ? is_bpf_text_address+0xac/0x170
[ 3021.277069]  ? lock_downgrade+0x900/0x900
[ 3021.281198]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.286728]  ? xas_load+0x43/0x1e0
[ 3021.290268]  ? filemap_map_pages+0xd11/0x19b0
[ 3021.294759]  ? lock_downgrade+0x900/0x900
[ 3021.298905]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.303815]  ? is_bpf_text_address+0xd3/0x170
[ 3021.308296]  ? mark_held_locks+0x130/0x130
[ 3021.312512]  ? unwind_get_return_address+0x61/0xa0
[ 3021.317425]  ? filemap_map_pages+0xd38/0x19b0
[ 3021.321936]  ? find_get_entries_tag+0x1400/0x1400
[ 3021.326773]  ? save_stack+0x43/0xd0
[ 3021.330385]  ? kasan_slab_alloc+0x12/0x20
[ 3021.334513]  ? mark_held_locks+0x130/0x130
[ 3021.338731]  ? mark_held_locks+0x130/0x130
[ 3021.342964]  ? mark_held_locks+0x130/0x130
[ 3021.347181]  ? lock_downgrade+0x900/0x900
[ 3021.351314]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 3021.356313]  shmem_fault+0x25f/0x960
[ 3021.360014]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3021.365290]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.370205]  ? kasan_check_read+0x11/0x20
[ 3021.374361]  __do_fault+0x100/0x6b0
[ 3021.377974]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3021.383059]  ? mark_held_locks+0x130/0x130
[ 3021.387286]  ? mark_held_locks+0x130/0x130
[ 3021.391519]  ? lock_downgrade+0x900/0x900
[ 3021.395664]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.400584]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.406107]  __handle_mm_fault+0x3d40/0x5a40
[ 3021.410500]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3021.415328]  ? mark_held_locks+0x130/0x130
[ 3021.419546]  ? mark_held_locks+0x130/0x130
[ 3021.423761]  ? mark_held_locks+0x130/0x130
[ 3021.427983]  ? up_write+0x7b/0x220
[ 3021.431517]  ? down_write_nested+0x130/0x130
[ 3021.435905]  ? down_read+0x120/0x120
[ 3021.439605]  ? handle_mm_fault+0x42a/0xc70
[ 3021.443823]  ? lock_downgrade+0x900/0x900
[ 3021.447951]  ? __do_page_fault+0xa0e/0xd10
[ 3021.452174]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.457089]  ? unregister_trace_event+0x3c0/0x470
[ 3021.461910]  ? lock_release+0xa10/0xa10
[ 3021.465866]  ? __do_page_fault+0x567/0xd10
[ 3021.470084]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3021.475174]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3021.480702]  ? check_preemption_disabled+0x48/0x200
[ 3021.485710]  handle_mm_fault+0x54f/0xc70
[ 3021.489758]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3021.494320]  ? find_vma+0x34/0x190
[ 3021.497847]  __do_page_fault+0x567/0xd10
[ 3021.501907]  do_page_fault+0xed/0x7d1
[ 3021.505694]  ? vmalloc_sync_all+0x30/0x30
[ 3021.509827]  ? error_entry+0x76/0xd0
[ 3021.513523]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3021.518521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3021.523342]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3021.528347]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3021.533173]  page_fault+0x1e/0x30
[ 3021.536607] RIP: 0010:__get_user_4+0x21/0x30
[ 3021.541000] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3021.559885] RSP: 0018:ffff8801abbcf830 EFLAGS: 00010206
[ 3021.565230] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc90003f42000
[ 3021.572479] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3021.579731] RBP: ffff8801abbcfb98 R08: 1ffff10035779ee3 R09: 0000000000000000
[ 3021.586982] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff10035779f0e
[ 3021.594233] R13: ffff8801ba046dc0 R14: 000000008040450a R15: 0000000000000000
[ 3021.601498]  ? __might_fault+0x1a3/0x1e0
[ 3021.605594]  ? evdev_do_ioctl+0x159d/0x2180
[ 3021.609905]  ? _parse_integer+0x134/0x180
[ 3021.614051]  ? str_to_user+0x90/0x90
[ 3021.617747]  ? _kstrtoull+0x188/0x250
[ 3021.621529]  ? _parse_integer+0x180/0x180
[ 3021.625678]  ? lock_release+0xa10/0xa10
[ 3021.629657]  ? perf_trace_sched_process_exec+0x860/0x860
[ 3021.635091]  ? usercopy_warn+0x110/0x110
[ 3021.639144]  ? __fget+0x4aa/0x740
[ 3021.642593]  ? lock_downgrade+0x900/0x900
[ 3021.646739]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3021.651678]  ? workqueue_set_max_active+0x10/0x3e0
[ 3021.656600]  ? __f_unlock_pos+0x19/0x20
[ 3021.660558]  ? __fget+0x4d1/0x740
[ 3021.664001]  ? ksys_dup3+0x680/0x680
[ 3021.667718]  evdev_ioctl_handler+0x144/0x1a0
[ 3021.672109]  evdev_ioctl+0x27/0x30
[ 3021.675629]  ? evdev_ioctl_compat+0x30/0x30
[ 3021.679934]  do_vfs_ioctl+0x1de/0x1720
[ 3021.683809]  ? fsnotify_first_mark+0x350/0x350
[ 3021.688373]  ? __fsnotify_parent+0xcc/0x420
[ 3021.692678]  ? ioctl_preallocate+0x300/0x300
[ 3021.697079]  ? __fget_light+0x2e9/0x430
[ 3021.701035]  ? fget_raw+0x20/0x20
[ 3021.704472]  ? __sb_end_write+0xd9/0x110
[ 3021.708523]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3021.714041]  ? fput+0x130/0x1a0
[ 3021.717304]  ? ksys_write+0x1ae/0x260
[ 3021.721087]  ? security_file_ioctl+0x94/0xc0
[ 3021.725475]  ksys_ioctl+0xa9/0xd0
[ 3021.728910]  __x64_sys_ioctl+0x73/0xb0
[ 3021.732779]  do_syscall_64+0x1b9/0x820
[ 3021.736648]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3021.741999]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3021.746912]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3021.751738]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3021.756739]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3021.761755]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3021.766810]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3021.771688]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3021.776860] RIP: 0033:0x457519
[ 3021.780034] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3021.798918] RSP: 002b:00007ff39d978c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3021.806603] RAX: ffffffffffffffda RBX: 00007ff39d978c90 RCX: 0000000000457519
[ 3021.813852] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000004
[ 3021.821104] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3021.828357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff39d9796d4
04:15:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:37 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3021.835620] R13: 00000000004bf390 R14: 00000000004cf190 R15: 0000000000000005
04:15:37 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:37 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x5, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:37 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x8ef05aa200000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:37 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:15:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet(0x10, 0x3, 0xc)
sendmsg(0xffffffffffffffff, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e2800", 0x26}], 0x1}, 0x0)

04:15:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)}, 0x0)

[ 3021.976886] *** Guest State ***
[ 3021.980506] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3021.994796] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3022.004282] CR3 = 0x0000000000002000
[ 3022.017240] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3022.024370] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3022.031531] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3022.037580] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3022.043605] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3022.050664] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3022.058959] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.067184] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.075399] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.083680] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.091907] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.100021] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3022.108134] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3022.116186] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)}, 0x0)

[ 3022.124314] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3022.133134] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3022.139777] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3022.147870] Interruptibility = 00000000  ActivityState = 00000000
[ 3022.154218] *** Host State ***
[ 3022.157563] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a5c77390
[ 3022.163671] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3022.170265] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3022.178193] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3022.184163] CR0=0000000080050033 CR3=00000001a4361000 CR4=00000000001426e0
[ 3022.191225] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3022.197924] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3022.203972] *** Control State ***
[ 3022.207483] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3022.214155] EntryControls=0000d1ff ExitControls=002fefff
[ 3022.219635] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:15:38 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)}, 0x0)

[ 3022.226574] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3022.233285] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3022.239889]         reason=80000021 qualification=0000000000000000
[ 3022.246200] IDTVectoring: info=00000000 errcode=00000000
[ 3022.251739] TSC Offset = 0xfffff9ab4faf3072
[ 3022.256067] EPT pointer = 0x000000012884a01e
04:15:38 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)}], 0x1}, 0x0)

[ 3022.354664] *** Guest State ***
[ 3022.358191] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3022.367340] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3022.376253] CR3 = 0x0000000000002000
[ 3022.380269] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3022.386853] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3022.393612] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)}], 0x1}, 0x0)

[ 3022.405261] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3022.411410] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3022.418222] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3022.427004] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.435421] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.444505] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.452676] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.460742] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3022.468786] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3022.476854] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3022.484833] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3022.493029] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3022.501059] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3022.507502] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3022.514947] Interruptibility = 00000000  ActivityState = 00000000
[ 3022.521193] *** Host State ***
[ 3022.524385] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018f587390
[ 3022.530401] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3022.536831] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3022.544636] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3022.550562] CR0=0000000080050033 CR3=000000010ed69000 CR4=00000000001426f0
[ 3022.557615] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3022.564285] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3022.570388] *** Control State ***
[ 3022.573890] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3022.580583] EntryControls=0000d1ff ExitControls=002fefff
[ 3022.586032] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3022.592986] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3022.599708] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3022.606269]         reason=80000021 qualification=0000000000000000
[ 3022.612711] IDTVectoring: info=00000000 errcode=00000000
[ 3022.618206] TSC Offset = 0xfffff9ab16dc09ac
[ 3022.622520] EPT pointer = 0x00000001841fb01e
04:15:38 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80084502, &(0x7f0000013000))

04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)}], 0x1}, 0x0)

04:15:38 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:38 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x3000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:38 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40104593, &(0x7f0000013000))

04:15:38 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x18020000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:38 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40284504, &(0x7f0000013000))

04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a", 0x13}], 0x1}, 0x0)

04:15:38 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x5450, &(0x7f0000013000))

04:15:38 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0xc0045878, &(0x7f0000013000))

[ 3022.957480] *** Guest State ***
[ 3022.961716] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3022.995578] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3023.008515] CR3 = 0x0000000000002000
[ 3023.012329] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3023.019257] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3023.025758] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3023.031813] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3023.038618] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3023.045299] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:15:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a", 0x13}], 0x1}, 0x0)

04:15:38 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

[ 3023.053321] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.061377] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.069760] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.078491] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.087502] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:39 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0xc020660b, &(0x7f0000013000))

[ 3023.109978] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3023.125033] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3023.136596] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3023.146331] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3023.164047] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3023.182863] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3023.201486] Interruptibility = 00000000  ActivityState = 00000000
[ 3023.207818] *** Host State ***
[ 3023.211021] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6307390
[ 3023.217179] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3023.223584] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3023.231410] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3023.237319] CR0=0000000080050033 CR3=00000001860fe000 CR4=00000000001426f0
[ 3023.244327] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3023.251048] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3023.257139] *** Control State ***
04:15:39 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084503, &(0x7f0000013000))

04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a", 0x13}], 0x1}, 0x0)

04:15:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3023.260574] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3023.267260] EntryControls=0000d1ff ExitControls=002fefff
[ 3023.272720] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3023.279658] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3023.286331] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3023.292945]         reason=80000021 qualification=0000000000000000
[ 3023.299284] IDTVectoring: info=00000000 errcode=00000000
[ 3023.304717] TSC Offset = 0xfffff9aac579e0f0
[ 3023.309082] EPT pointer = 0x00000001ccc3101e
[ 3023.371129] *** Guest State ***
[ 3023.374410] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3023.386817] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3023.395930] CR3 = 0x0000000000002000
[ 3023.400457] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3023.414069] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3023.423607] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3023.430068] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3023.436167] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3023.447778] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3023.455862] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.464592] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.477041] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.485164] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.493278] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.501360] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3023.509497] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3023.517494] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3023.525485] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3023.533567] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3023.540036] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3023.547521] Interruptibility = 00000000  ActivityState = 00000000
[ 3023.553747] *** Host State ***
[ 3023.556978] RIP = 0xffffffff811f9ed3  RSP = 0xffff880183c6f390
[ 3023.562981] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3023.569407] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3023.577227] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3023.583098] CR0=0000000080050033 CR3=0000000135822000 CR4=00000000001426e0
[ 3023.590173] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3023.596865] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3023.602902] *** Control State ***
[ 3023.606334] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3023.613054] EntryControls=0000d1ff ExitControls=002fefff
[ 3023.618525] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3023.625433] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3023.632110] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3023.638735]         reason=80000021 qualification=0000000000000000
[ 3023.645035] IDTVectoring: info=00000000 errcode=00000000
[ 3023.650550] TSC Offset = 0xfffff9aa8a0c11f5
[ 3023.654877] EPT pointer = 0x00000001ce4c501e
04:15:39 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:39 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80044584, &(0x7f0000013000))

04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c", 0x1d}], 0x1}, 0x0)

04:15:39 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0xc0189436, &(0x7f0000013000))

04:15:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88a8ffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c", 0x1d}], 0x1}, 0x0)

[ 3023.787174] *** Guest State ***
[ 3023.790705] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3023.799921] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3023.809155] CR3 = 0x0000000000002000
[ 3023.813249] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3023.820089] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3023.826815] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c", 0x1d}], 0x1}, 0x0)

[ 3023.832913] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3023.839102] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3023.845907] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3023.854046] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.862188] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.870295] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.878909] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.887099] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3023.895185] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3023.903340] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3023.911519] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3023.919766] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3023.927980] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3023.934513] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3023.942097] Interruptibility = 00000000  ActivityState = 00000000
[ 3023.948447] *** Host State ***
[ 3023.951705] RIP = 0xffffffff811f9ed3  RSP = 0xffff880138d1f390
[ 3023.957779] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3023.964212] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3023.972032] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3023.977966] CR0=0000000080050033 CR3=00000001c50b1000 CR4=00000000001426f0
04:15:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa00000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

[ 3023.984988] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3023.999158] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3024.013205] *** Control State ***
[ 3024.020406] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3024.029456] EntryControls=0000d1ff ExitControls=002fefff
04:15:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

[ 3024.035158] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3024.043841] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3024.051062] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3024.057921]         reason=80000021 qualification=0000000000000000
[ 3024.064420] IDTVectoring: info=00000000 errcode=00000000
[ 3024.070157] TSC Offset = 0xfffff9aa55fb8841
[ 3024.074617] EPT pointer = 0x00000001c4aa801e
[ 3024.176891] *** Guest State ***
[ 3024.180299] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3024.189475] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3024.199115] CR3 = 0x0000000000002000
[ 3024.202910] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3024.209720] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3024.216223] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3024.222587] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3024.228621] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3024.235299] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3024.246803] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.259641] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.267717] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.275712] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.283748] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.291803] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3024.299830] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3024.307839] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3024.315795] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3024.323789] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3024.330499] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3024.337994] Interruptibility = 00000000  ActivityState = 00000000
[ 3024.344229] *** Host State ***
[ 3024.348052] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c5fa7390
[ 3024.354084] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3024.360549] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3024.368376] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3024.374251] CR0=0000000080050033 CR3=00000001c1d9e000 CR4=00000000001426e0
[ 3024.381717] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3024.388428] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3024.394557] *** Control State ***
[ 3024.398045] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3024.404714] EntryControls=0000d1ff ExitControls=002fefff
[ 3024.410190] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3024.417421] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3024.424076] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3024.430725]         reason=80000021 qualification=0000000000000000
[ 3024.437084] IDTVectoring: info=00000000 errcode=00000000
[ 3024.442544] TSC Offset = 0xfffff9aa2057ea6c
[ 3024.446913] EPT pointer = 0x00000001a9aea01e
04:15:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

04:15:40 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40044590, &(0x7f0000013000))

04:15:40 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x806, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:40 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x218]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:40 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40104593, &(0x7f0000013000))

04:15:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

04:15:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

[ 3024.833255] *** Guest State ***
[ 3024.836601] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3024.846382] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3024.855820] CR3 = 0x0000000000002000
[ 3024.859855] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3024.868183] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3024.874722] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3024.880755] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3024.886772] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3024.886786] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3024.886812] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.909469] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.909488] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.909507] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.909526] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3024.909546] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3024.949485] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3024.957546] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3024.965750] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3024.977410] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:15:40 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88640000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3024.984083] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3024.993648] Interruptibility = 00000000  ActivityState = 00000000
[ 3025.000613] *** Host State ***
[ 3025.004020] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801251df390
[ 3025.011670] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3025.018812] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
04:15:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400", 0x22}], 0x1}, 0x0)

[ 3025.029900] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3025.037806] CR0=0000000080050033 CR3=000000018f3ed000 CR4=00000000001426f0
[ 3025.045054] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3025.052328] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3025.058809] *** Control State ***
[ 3025.062380] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3025.069270] EntryControls=0000d1ff ExitControls=002fefff
[ 3025.074825] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3025.081892] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3025.088733] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3025.095306]         reason=80000021 qualification=0000000000000000
[ 3025.101754] IDTVectoring: info=00000000 errcode=00000000
[ 3025.107263] TSC Offset = 0xfffff9a9c143b3ba
[ 3025.111586] EPT pointer = 0x000000010f83301e
04:15:41 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40044591, &(0x7f0000013000))

04:15:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff", 0x23}], 0x1}, 0x0)

04:15:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:41 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88a8ffff00000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:41 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x2, &(0x7f0000013000))

04:15:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff", 0x23}], 0x1}, 0x0)

04:15:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:41 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x4020940d, &(0x7f0000013000))

04:15:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff", 0x23}], 0x1}, 0x0)

04:15:41 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80084504, &(0x7f0000013000))

04:15:41 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80284504, &(0x7f0000013000))

04:15:41 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x4020940d, &(0x7f0000013000))

[ 3025.769101] *** Guest State ***
[ 3025.774211] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3025.785173] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3025.799941] CR3 = 0x0000000000002000
[ 3025.803828] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:15:41 executing program 2:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

04:15:41 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x5452, &(0x7f0000013000))

04:15:41 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x86ddffff00000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:41 executing program 2:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

[ 3025.818289] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3025.844764] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3025.885230] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3025.894280] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3025.910032] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3025.928178] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3025.936822] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3025.948657] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3025.956755] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3025.964732] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3025.973037] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3025.981295] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3025.989292] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3025.997288] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3026.005239] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3026.012054] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3026.019612] Interruptibility = 00000000  ActivityState = 00000000
[ 3026.025846] *** Host State ***
[ 3026.029068] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c563f390
[ 3026.035049] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3026.041490] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3026.049343] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3026.055216] CR0=0000000080050033 CR3=00000001d975f000 CR4=00000000001426f0
[ 3026.062253] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3026.068943] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3026.074986] *** Control State ***
[ 3026.078504] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3026.085177] EntryControls=0000d1ff ExitControls=002fefff
[ 3026.090743] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3026.097839] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3026.104510] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3026.111224]         reason=80000021 qualification=0000000000000000
[ 3026.117567] IDTVectoring: info=00000000 errcode=00000000
[ 3026.122993] TSC Offset = 0xfffff9a947b0ea6d
[ 3026.127331] EPT pointer = 0x00000001cd39901e
04:15:42 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:42 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40049409, &(0x7f0000013000))

04:15:42 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40084503, &(0x7f0000013000))

04:15:42 executing program 2:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

04:15:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:42 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88480000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:42 executing program 2:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

04:15:42 executing program 2:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40084504, &(0x7f0000013000))

04:15:42 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:42 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80104592, &(0x7f0000013000))

04:15:42 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:42 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x5451, &(0x7f0000013000))

04:15:43 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0xa0010000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:43 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000001}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:43 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40044581, &(0x7f0000013000))

04:15:43 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:43 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8dffffff00000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:43 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x5452, &(0x7f0000013000))

04:15:43 executing program 2 (fault-call:2 fault-nth:0):
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:43 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80044584, &(0x7f0000013000))

04:15:43 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3027.594456] *** Guest State ***
[ 3027.598157] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3027.609297] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3027.618903] CR3 = 0x0000000000002000
[ 3027.622819] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3027.629897] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3027.636526] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:43 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x400445a0, &(0x7f0000013000))

04:15:43 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0xc0045878, &(0x7f0000013000))

[ 3027.643391] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3027.650128] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3027.665537] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3027.675275] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:43 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x2, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3027.691696] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3027.700024] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3027.708506] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3027.717104] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3027.725217] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3027.733616] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3027.742276] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3027.750599] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3027.758662] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3027.765257] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3027.772853] Interruptibility = 00000000  ActivityState = 00000000
[ 3027.786786] *** Host State ***
[ 3027.790136] RIP = 0xffffffff811f9ed3  RSP = 0xffff880101cb7390
[ 3027.796224] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3027.805146] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3027.813839] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3027.820108] CR0=0000000080050033 CR3=0000000178275000 CR4=00000000001426f0
[ 3027.827479] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3027.834383] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3027.840738] *** Control State ***
[ 3027.844325] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3027.851180] EntryControls=0000d1ff ExitControls=002fefff
[ 3027.856700] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3027.863651] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3027.870394] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3027.877023]         reason=80000021 qualification=0000000000000000
[ 3027.883344] IDTVectoring: info=00000000 errcode=00000000
[ 3027.888872] TSC Offset = 0xfffff9a84bcc0730
[ 3027.893202] EPT pointer = 0x0000000133cc601e
04:15:44 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:44 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x700000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:44 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x7193, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:44 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3028.426882] *** Guest State ***
[ 3028.430298] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3028.439325] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3028.451765] CR3 = 0x0000000000002000
[ 3028.455538] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3028.462093] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3028.468941] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:44 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x3, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3028.475221] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3028.481251] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3028.488367] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3028.496329] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.504338] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.512413] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.520597] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.529020] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.537307] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3028.545327] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3028.553331] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3028.561345] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3028.569366] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3028.575774] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3028.583962] Interruptibility = 00000000  ActivityState = 00000000
[ 3028.590242] *** Host State ***
[ 3028.593449] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801869bf390
[ 3028.599493] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3028.605908] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3028.613753] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3028.619699] CR0=0000000080050033 CR3=00000001ce233000 CR4=00000000001426e0
[ 3028.626765] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3028.633433] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3028.639528] *** Control State ***
[ 3028.642981] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3028.649727] EntryControls=0000d1ff ExitControls=002fefff
[ 3028.655196] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3028.662168] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3028.668852] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:15:44 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80104592, &(0x7f0000013000))

[ 3028.675414]         reason=80000021 qualification=0000000000000000
[ 3028.681744] IDTVectoring: info=00000000 errcode=00000000
[ 3028.687217] TSC Offset = 0xfffff9a7d85510ae
[ 3028.691528] EPT pointer = 0x000000010ac1b01e
04:15:44 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0xc0189436, &(0x7f0000013000))

04:15:44 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x800e0000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:44 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:44 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xfffffffffffff000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:44 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80084503, &(0x7f0000013000))

04:15:44 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80084503, &(0x7f0000013000))

[ 3028.839776] cgroup: fork rejected by pids controller in /syz5
[ 3028.857803] *** Guest State ***
[ 3028.861118] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3028.870265] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3028.883065] CR3 = 0x0000000000002000
[ 3028.886861] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3028.893641] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3028.901265] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3028.907489] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3028.913468] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3028.913481] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3028.913501] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.913521] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.944396] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.953060] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.961148] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3028.969520] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3028.977614] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3028.985595] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3028.993904] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3029.001930] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3029.008374] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3029.015815] Interruptibility = 00000000  ActivityState = 00000000
[ 3029.022062] *** Host State ***
[ 3029.025258] RIP = 0xffffffff811f9ed3  RSP = 0xffff880169c1f390
[ 3029.031263] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3029.037712] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3029.045494] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3029.051431] CR0=0000000080050033 CR3=00000001c2055000 CR4=00000000001426f0
[ 3029.058492] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3029.065165] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3029.071372] *** Control State ***
[ 3029.074856] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3029.081584] EntryControls=0000d1ff ExitControls=002fefff
[ 3029.087102] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3029.094207] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3029.100910] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3029.107517]         reason=80000021 qualification=0000000000000000
[ 3029.107524] IDTVectoring: info=00000000 errcode=00000000
[ 3029.107536] TSC Offset = 0xfffff9a79dc95ef4
[ 3029.121842] EPT pointer = 0x00000001c311201e
04:15:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40044581, &(0x7f0000013000))

04:15:45 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x2, &(0x7f0000013000))

04:15:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x8000a0ffffffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:45 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x4305, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:45 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x18000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100008000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x5421, &(0x7f0000013000))

04:15:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x5460, &(0x7f0000013000))

04:15:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x3f00000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:45 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x1100, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80284504, &(0x7f0000013000))

[ 3029.422348] *** Guest State ***
[ 3029.426537] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3029.448765] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3029.459161] CR3 = 0x0000000000002000
[ 3029.463808] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3029.476546] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3029.483296] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3029.489578] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3029.495675] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3029.502593] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3029.511417] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3029.519500] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3029.527987] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3029.535949] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3029.543950] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3029.551964] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3029.559986] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3029.567991] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3029.575959] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3029.583957] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3029.590389] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3029.597855] Interruptibility = 00000000  ActivityState = 00000000
[ 3029.604079] *** Host State ***
[ 3029.607294] RIP = 0xffffffff811f9ed3  RSP = 0xffff880173a1f390
[ 3029.613294] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3029.619738] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3029.627558] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3029.633440] CR0=0000000080050033 CR3=0000000103240000 CR4=00000000001426e0
[ 3029.640846] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3029.647558] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3029.653623] *** Control State ***
[ 3029.657127] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3029.663802] EntryControls=0000d1ff ExitControls=002fefff
[ 3029.669291] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3029.676220] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 3029.682926] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3029.689519]         reason=80000021 qualification=0000000000000000
[ 3029.695818] IDTVectoring: info=00000000 errcode=00000000
[ 3029.701307] TSC Offset = 0xfffff9a74d567353
[ 3029.705644] EPT pointer = 0x000000011b76501e
04:15:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x400445a0, &(0x7f0000013000))

04:15:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x4, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:46 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x7, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:46 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0xc0045878, &(0x7f0000013000))

04:15:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x5450, &(0x7f0000013000))

04:15:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x4000000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0xc0045878, &(0x7f0000013000))

04:15:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40049409, &(0x7f0000013000))

[ 3030.608420] *** Guest State ***
[ 3030.611941] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3030.621162] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3030.630491] CR3 = 0x0000000000002000
[ 3030.642322] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:15:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x5451, &(0x7f0000013000))

04:15:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40284504, &(0x7f0000013000))

[ 3030.652887] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3030.664589] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3030.672062] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3030.678558] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3030.685438] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:15:46 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x4788, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x40000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3030.716946] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3030.725018] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3030.742990] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40044590, &(0x7f0000013000))

[ 3030.763356] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3030.774792] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3030.793727] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3030.811536] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3030.819903] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3030.828161] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3030.836204] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3030.842875] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3030.852092] Interruptibility = 00000000  ActivityState = 00000000
[ 3030.858416] *** Host State ***
[ 3030.861767] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801218df390
[ 3030.867827] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3030.874231] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3030.882075] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3030.888026] CR0=0000000080050033 CR3=00000001bcca6000 CR4=00000000001426e0
[ 3030.895051] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3030.902051] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3030.908163] *** Control State ***
[ 3030.911619] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3030.918476] EntryControls=0000d1ff ExitControls=002fefff
[ 3030.923937] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3030.930964] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3030.946744] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3030.953333]         reason=80000021 qualification=0000000000000000
[ 3030.960563] IDTVectoring: info=00000000 errcode=00000000
[ 3030.966246] TSC Offset = 0xfffff9a6aadfe0c8
[ 3030.970703] EPT pointer = 0x0000000133cc601e
04:15:47 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x5000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:47 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80044501, &(0x7f0000013000))

04:15:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x3f00, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x110000e0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:47 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0xc020660b, &(0x7f0000013000))

04:15:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x60000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:47 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80084504, &(0x7f0000013000))

[ 3031.320359] *** Guest State ***
[ 3031.332118] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3031.353329] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
04:15:47 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x40044591, &(0x7f0000013000))

04:15:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3031.390354] CR3 = 0x0000000000002000
[ 3031.409196] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3031.429840] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3031.444710] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3031.461557] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3031.470533] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3031.478860] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:15:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x689, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3031.489251] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3031.501842] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3031.512164] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3031.521005] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:47 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x80044501, &(0x7f0000013000))

[ 3031.552179] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3031.573388] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3031.583273] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3031.591743] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:15:47 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000040))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3031.601645] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3031.611525] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3031.626150] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3031.644318] Interruptibility = 00000000  ActivityState = 00000000
[ 3031.650986] *** Host State ***
[ 3031.654254] RIP = 0xffffffff811f9ed3  RSP = 0xffff88019c927390
[ 3031.660851] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3031.668106] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3031.676088] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3031.682511] CR0=0000000080050033 CR3=00000001bb404000 CR4=00000000001426f0
[ 3031.690198] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3031.697347] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3031.703479] *** Control State ***
[ 3031.707276] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3031.714043] EntryControls=0000d1ff ExitControls=002fefff
[ 3031.719848] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3031.727103] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3031.733840] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3031.741300]         reason=80000021 qualification=0000000000000000
[ 3031.747908] IDTVectoring: info=00000000 errcode=00000000
[ 3031.753426] TSC Offset = 0xfffff9a64d2ab284
[ 3031.758078] EPT pointer = 0x000000017becd01e
04:15:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xffffffffa0008000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xfffff000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:47 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:47 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x5421, &(0x7f0000013000))

04:15:48 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:48 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x9effffff00000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3032.193274] IPVS: ftp: loaded support on port[0] = 21
04:15:48 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8035, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:48 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0ffffffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:48 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xa0008000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3032.467173] *** Guest State ***
[ 3032.470845] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3032.484514] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3032.494368] CR3 = 0x0000000000002000
[ 3032.498673] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3032.526803] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3032.566747] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:48 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8906, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3032.573774] RFLAGS=0x00000002         DR7 = 0x0000000000000400
04:15:48 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x1000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:48 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x20000000, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
munlock(&(0x7f000055e000/0x4000)=nil, 0x4000)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3032.607176] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3032.618518] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3032.661625] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3032.683318] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3032.712702] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3032.730869] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3032.748888] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3032.768178] GDTR:                           limit=0x000007ff, base=0x0000000000001000
04:15:48 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x300, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:48 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x1100000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3032.808670] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3032.836026] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3032.883946] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3032.905103] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3032.921921] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3032.942202] Interruptibility = 00000000  ActivityState = 00000000
[ 3032.956602] *** Host State ***
[ 3032.964683] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018b5af390
[ 3032.978827] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3032.993164] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3033.026462] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
04:15:48 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3033.058233] CR0=0000000080050033 CR3=000000018b8b6000 CR4=00000000001426f0
[ 3033.075929] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3033.101787] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3033.112267] *** Control State ***
[ 3033.121273] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3033.133932] EntryControls=0000d1ff ExitControls=002fefff
[ 3033.146397] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3033.155382] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3033.162644] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3033.169659]         reason=80000021 qualification=0000000000000000
[ 3033.176117] IDTVectoring: info=00000000 errcode=00000000
[ 3033.182221] TSC Offset = 0xfffff9a5b0a5a280
[ 3033.186974] EPT pointer = 0x000000018b8cb01e
[ 3033.677090] device bridge_slave_1 left promiscuous mode
[ 3033.682594] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3033.717394] device bridge_slave_0 left promiscuous mode
[ 3033.722822] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3034.686535] team0 (unregistering): Port device team_slave_1 removed
[ 3034.695187] team0 (unregistering): Port device team_slave_0 removed
[ 3034.704522] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 3034.759755] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 3034.835702] bond0 (unregistering): Released all slaves
[ 3035.024544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3035.031119] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3035.038269] device bridge_slave_0 entered promiscuous mode
[ 3035.064923] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3035.071452] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3035.079375] device bridge_slave_1 entered promiscuous mode
[ 3035.114563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 3035.150437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 3035.256260] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 3035.294252] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 3035.448595] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 3035.455702] team0: Port device team_slave_0 added
[ 3035.477869] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 3035.484877] team0: Port device team_slave_1 added
[ 3035.506357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3035.543034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3035.581671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3035.621464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3035.882613] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3035.889043] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3035.895662] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3035.902054] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3036.622572] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3036.692413] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 3036.763447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 3036.769599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3036.776479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3036.849356] 8021q: adding VLAN 0 to HW filter on device team0
04:15:53 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x40084504, &(0x7f0000013000))

04:15:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xffffff9e, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:53 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x100000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x240]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:53 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$mice(&(0x7f0000001880)='/dev/input/mice\x00', 0x0, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0)
sendmsg$alg(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000240)="12576738eff24c00f6d067b4aaf3b46ebec8be641b2bd6ed4a52ecf56a6f8cdb45591c8b0d47e1be0e59", 0x2a}, {&(0x7f0000000280)="8d22bc9564a2e71c3eeae4c5c295d2fa5c58e9b6f0b328e85482a7f09b042bafbaf9d86a76965800ab39fce58dfb24826f5ebf0996bdf40f89b3b28eb2abc83adddb6cd0eb0db7bbddd09655c8ce613ea899697f8066d7da1c97b76959093b076ce401352dc5eae44dc1585afe5104343c9272fad7413e03ac1d562cb687f4d4036459a2c39bb8047005e79bd6357a74404dbb739829495da9f3219f7bde3a86c88a3351df974dc05a54dfbfe272b396b35c493fdf25b066aebdef9be322edbd5a483a19e182882933f6", 0xca}, {&(0x7f0000000380)="40a0c01c2e59a27934129e5c28574822a9ba5fce1d9c4ff572823988d259f0658466cf311d61097a7d8901f5204cbbae019a2ce22e", 0x35}, {&(0x7f0000000680)="ebc7d66fde004835a98d2d6815b9f4e67e780099e0f4fffc4a2b6c777f9758bd9084a501524457b716b8a13edf3a20011b76103b3a8c07cd69c4b7252eb1543e5ff7fd13ca936ea5c16b3055fd55877eb5627e93553e564a794c8e734c0ecee003225e808a3f32c3c94a35aaf17d92815f6d00002e034c7f52651e683665a92e05b98c68e46bf6c2228315dbcaea307f909fb538246d73bf9838ba040bc5d2bccb0a1208c66033930252e73d4c1da964357907a84ab278b9ca9099bb97e4ad035041addf9a5173edf5a07cdc42097982427925e62c893a8b8e96623b937137116ed48efed0e7c281878fc30b1ffc07a7f716efc5c29c218c667f9dc3998108f2865bdcb2378bfcf373067bb3fbf890e166d0d20553a80d6758c599114cb6564a67363332c19bc62f0af483aea292eec0f57f77f2024915be6cc1ac55ad9e03de6537a2e62985def4c2d4334301740a71ca6c3edfd2d8ed8b6b8bf9531192ba2a66d1a068781b01ec1c74a8e65d02ff8108eb76e0287bda37ee78052e825bf329d95f193afd139147a3d4d57c2840fb662314433f1a721ea18b5d60f0489ad53d364b7c85cf7a364121d6e0536e8b463993a627a9c030ba3dcf09bfcc3f814a6e4f1ac6c801a5b1c9bdffcd2c2d91bbef4253edcb35c708fbe1c9a3e035e4cd143b46ea2acec85f6f0502d6aff6070a605bcc7d82207062a0bc0e584e3e71dc9ff4b77144a4827f9340fc33fa0dd9612da2ed0999a2d26f1fe03161c3ed15da126a8f04c993a8dd4e0718e2c86bee2f8a5d05935b890abe6fea69c2a14af18860422f074a4bf2af9a243bf2c9b7b6188068672cc333e433e08fefb662a7287df638a0db1ce01a0e971899f40e0d057838a2676a815d77174b1788ec287eb6c08f06aeedc9257f32f1f090b7e469a25c0f9fea9b53c605e0fa0b5bfa042d7c7f5a5e20270dd38818e00dbcb25d46cf198aa0b5dfd2c326c4b08eaf4a2c623d6b495bf126b2e9f3f3838805b4b049d203a9dc4f1af4cc4d24032fdc670491d7bfc0a8cebbd2362b892a7ff6a56dca65645db4f07f0e984188f7a7c006e275c9c3d56b6ed444e3540365f3a34ba46be7d61118fc60bbf61d3b4924dab7cadebbdcb16e4fcca4eb15c064bf5d0da3cc66981c8c8f753152cd336ce46a547639a3009e5eec0464424b8b46ffae74e29e52987f7632f4cae66d7e151ac2ff8c4bbfa89fdb451a634e30d8a7e60aa2b25b380ae3c60ba62fc4ed81665cb1aa41c56350e06fd6992b1d23a6213f9b378fbb6c76b60f7ea0ef133b3e9fb29ce564836d81c24642d1c4d8a5faa3cf3f9efb7938ed49c79cfffae6c014836b0610c3f000f97f5c411e58edc512e1243796a72f62be7335d2d14f2dc32ae2fb8d34360b3dfbdc08f58918085d95c8d805588f448d3ee2d4ec0ed64555cc1587e0e7ed089fa39ba931754f89ce82a9ce8813756dbb02567c921894749d91d36fb2708a26b656252bdfc56260a7e6f848f106e55b99aa1f055c1a016bf311a12d623d4288997bd36376ba44f9b23d396ebb1a4b7d43035b6adc6e24d4a5ec485457fcb3537af28d37e876984c6500bf124dbc0d65aded4a8de5debc36be4fb9d847cd8fc7354a7473cbd43ad7a23c897e3f791630f4edaee603312236db93908a023c818043cdb8e517c8ece1c2d563daa5669d1b9beee929720505a80c85899286a14624f62f26eaa2b9e014f4572c1c60151dc969399ce6c7c27bcf05112a69115f145eeff1c522229cf7ce60b41b72b3729dd9684d9ac7a348501de958a023d20a860cc3e79c03fcf9e15f5d35dad13a3e2ebc212a4350890339754d7e105919b575b2d8055d48a244018768211ad82363ba5c295f327546d491af85ab16d5b0f697bc1b5a53edc12f512cf51e9098d2d008a8edf72fc3e285528581aae5f9759e8f1441196ec93e205278d80be0eb9ffc689a298b0b8a98a36db587af2499c9179bc8425e5c9a598acad2f6220f16e5eb9af65f52d703e9fc27070a0e21f4d2b5b3b931934c9aea67746ec221923fffe4dad419c344ebd9e1ae5960d8f025da31b25cc43bca2e44d6543581b36c933538fd7e2edaf53191d17ece965ab4dec7a1da801949a87280f2df9f762651c5a1a01b81d4a50143c312af320cff67b85818f50b5a2b93dd986821f6178c28dfc2ce83bff90dae3803f6e0a273e1a1e0e1fd2e2eb6a187846fe1f1ff882ea348f0c1e4d8714c3a301af172c4b24b1da70c596ef757066727fe5edcef444d831c2d3f3a24fafe2f3ffb9774a6f90aa67080bfd8a84b88a06039320f21082b796d0cea0b4b16989501e1d395f00aab7a935c2a221ef14fb7ea4ffa03159c80f8169faf7335736163b9b55af6bee3984f72532874347132b54dbd2df5da45437ddd0e1d33f7bd8cfd28090f3b195b0a76ea3bb23855c7a7fb2c62722d145a1fea3de2e7975f4a0ec8af0d000d12853a8cb461c50033c9a24dc005cba9200a20d9f357ddd2cf6ec730aba4a329bb3207b1530122215e4e8d8a180caff372086fda0c1ff53391f9445506e29d102d7ca11fae8108f37aee1ff751f1e30bd4f99ffe01f6ffc6986853874e47ebb1f610b298b5a7051fd4c9366f5dcc11c0d279cebdd019aa33d744f2cd0b704f7cc547e5715526b44cfe0c97022b39ddf6d2dbd4dce0aeae7cf9d28fd92a6473a75c9f19859323829de45174e03846e35afe1124849ef616864c7d23c4fdbfe1aa88c0b355a80c376c8f8fc64e24e80687ebdc743122425cd0612ba0f698d310b277842a3df37b9e3274102b563b495b8813253bf516e6a44d61e0d23193cfcf27b4c47fb9b4557db0d9bea6a9223ad8d304359450729ffbbb5f85a0a636bd2dd3b32f2c14aca90b970362bb621a121811ebddc546b138dcf73b21927964f9bb09544af895b53ed152f7ccc37399dd37d392e1e83554e77e872154e351882370b1a22fae7dc5a3d07fe0e110c60741278a271d61773955c286f47aca7a326f7c44cdd2e08616e80eb68d02d8cf66739145945270c53324aa73450bbbcf052219806ab47cb4bddedddd339a5913480b5672308b43617554075a0e318ba4fb2ab8a70d492ecb91f8650ede52e54bc35b9bd1efd643cf82e8475c668ebe064abc5dad81f683e5b1e21a041be9cc0130cae231baa3fe9849de86e9480da62d380edf4b92bf9fcf524009c23eb098bd818ed3e4c434bc965963c9b2233a225f5e7c3096b69d8506a49a13302c923aed6463b20718f7ad0922cadd0254905fe46b2a4e326df553af82637031bee21dbedbd626cf64743435779cd5319c069573819aeb4a58cc6d9c9619e7b150c4a1a45754cc90bcc208a2d5a3759feea811bc6aaa6ae2bd2fcfb4795c7721d58105e386e263ee4c3daceda50b1c9fafd257dfb20484bfc235711e463c17246165030cc1e92dee7a0ab27eaabda575458622a75b33bd4c83e224f8097a74dc2444a0e9700deb8a21db07fee53b2b3c53d120f1bc12d86119d44799f636344568fe90ea4028b32f8955d26394605f14d7aac2f666a4723fd1d42891bbcc7b6b3abceddf731c69dd5cb7433ec568c755406275957c63395ba5778964a290cf5941ea89474865041b732bcea749016a745bcd89d2c174162a8c4334a084c0fc521380e79b2dc7b26257a9eb699626b1d1129114b08eaafddb93e42de88bf54daff043afb7ad596def7fed1ddf3c92d54736f06bd861842780c0e8d7b44be03b7901aa0a2ccf82bc55c0837680ec5554b24367fa69dc41ecb73944d2612b775e146c7345f1bdead716a1ab6ac505c5c3397844b68c30319bd01d288878227b3d8557564c2ae983bde46ae4595e4ecc006856efbed358ed51b85d01611de7f3f2b83f2ca087644e586cb389997bbda1aa7a5123cd950c5aa81de3050a9042713e93af31be0a01bc16a2cb14359de6c327899cc661e90a2bc376278a83d4362a76a5a826ae38f118342832e9470c4deaec36e700f1d303a5128512f610808a6405865e27cfba9da4a5d1ce8adb7e7f0baa445fb9ad1faa0d124521f7783daa9fe9f082aa4f963f618fc20f4f7a864c55a770e912a30e34def0238d04f4c27a4fc301da71decf3b148b40776ef2f97e29e38f09608e76571eb52a4b1332f8e45d8613956026d53f0210502b6e7a4afe01a9fa1a01e7c68ba83430e30e4701dfed7714fd1ae90de0fcc2579225ca5d1c981a2b2d6913b7d553667b143999d3bbc5edd5e95cd244b5bbdb9df609ee07280393a18b970b538be90e1ba124a7e0b8d5c50bdf55308f7e3a4822279684b54de7e78419d1d91a3ebe099a84f00c3e175a9f4cce3dafd1f6f5b6e4522e8968106167ca76c9176b4bc9794dfd79823e438130543477ea31fcb6d59bdae55aa4e1ea78dc31211d355e0fe476a5f61c964bfa77e5014c99213c13ea6ffc65353ea671f52a53f740ccf978bc343a99b41d171baee95b7359eb7338fa634f5bac3dc3e5c41ecf64449f43513f1783ac0e76ba7a7bf610f0fcbc3d09800cd3367dc91f952e99a4a911b4803ddda4355957063f4bb0993ecab99420f898b41d01ee8494b435ae0468f24b91087c834069da163e57111bd63896e23a92a826fe8ab986280f78303de4c5ae86a17315e2c96b1a7f8617ff15d088c93d62ffafc60ceaada67c0e3e5096e160c0190a654aaf0ea6308a6c3fdb66fcc29dfca3737ede4e5a0a18c2f63b8c1008bf47ae13e6b44b705c021aa7f617507cbaa3352cd697f440dfedfc8178020cf68ba4d4b9a1e5769d16207d270df02c1ff275b1af8ada94035a728413ac6236a34dff8a12fa7f396c681d179e50022f32e42ea1ee1e81a60107035295e94d475c9185be0c5a5fdc37a1c96b23469e1ee144e8220da25e2a8d8265bedab0be10a6c9504ea2044c7427690886b143f44050150f00edf4afdfa35be7bc99ace1d8ed73101c25b911c468d357b6101fe2382e601d48f4f13263583f21e71a7c64afed01efbcf33a31829ee3af220d9163ba05b197f29e835c13691b29813201fc9714717292e3bd0e0eca9b1d900c5939a3c25d83719d8b150d2a3e4ab69aa8ee1ed1150377b8ac18b10920f8eeac520ed1c5c49ae5a41dd5bc7474efa4a53e016bdb65c8bed7517e77ac16a5f9dbd7a9918b31d4c6fb4f269ac484fea497f9e60b6adefb0f359f9719ac5df9be52515c342c9803e4dc4083e74aced0e78e67686d7afb5d7b9e68a0c0ea833758860cd47e4313662199f1b504be211aa59d4464d37df0285fc804bff57588f94abf2749df4cbab4c04a073a8a1a995e33d9a984c039c9d2443a87a8cdf6be09d0180d05cc4b266d746b81664e874d9876857463827b809f35cca000a91ed3ba18f80b7820edf681fc902ab7faa2341249c7b6a2183a438f3b27f7da6253b5cbc3bffcba91b80c0a27b0e4ac92a37fd0cb94754c8535cad906b107662b4c8250668dd33ed15864be297642669eda1998292b9018bc586737afc76d88ef3bfb8cefb976c7cba83e657784e43b2b1d2924e44972b80951a53b3a10ab5eccca4ff13d7ffef5a8a866826f8e14eef223c420f0fadf6164f3734617cb918cf4434de877dda6b7e5271e318a52365de1a0d87fb9d18819ca0ae7e720c37e68521ade9f42b38e7084c5f2a1d7eaa298c24fe80c0cf7225dec2c4c45c6baca41a6f337b1fc84dbd9b6a5686bc162bc2daad4fa119fba6554625dd1e479cfca5e9df051b9bbbc239344c764a2add72bca8d2b839194c8b61c1fe93e452300dc9edf63abbac38dbcf7f32d", 0x1000}, {&(0x7f00000003c0)="2fd7d77dbe3a72656fa1d4a804c8282fe0c1a81466fb35e1eb77ad7ae55313cdf7e46abe6b6e696be2f1832cd24721b263a7c504828a3ca5ba8f4b1d6eef59d6332481f20a657dbef0b60ddb3d1bd1483592f206c73bb9303d83157b67d417d8c526b9880b15058ce56e1cc7beacdd3a1ba6c6f8121cb3cd4308b12729", 0x7d}, {&(0x7f0000000440)="34a04d006933f18eb6df11934aefdd09dbd0ae0af745d15b907a19a5fcdeade36fe9182cd71882363b9a99da62c102d77781bc441f49a65e5e53568985303122073eb28b74c41e3f64ec4953b202e40929037c172e0b5397ac8ee49775c4f37e6b85cf1cbf0af6570021f71034efc36bb19621401624ce51bb119568d99dfe8f2a3b67b878c2de946c117c31bd008e7d04d8a4ce3cc70a8b72746d20ce713d94b146103062fe71bb554efa28fa8588e06ef78d8891258661765b1270235443b1dc1ba2673894d3045c5da88561fd2a81cd0d87d4a8d6283dbbab47c5e84743812de125968597064ea58908", 0xeb}, {&(0x7f0000000540)="dac8e02c51050b5b7b9260243f742b7cd6547d8245a011ab45df5d5cc4098e603d2058bd8f89fcf522ab047daabad2af6762ed17fccb331c291acd49846b4b37", 0x40}], 0x7, &(0x7f00000018c0)=ANY=[@ANYBLOB="180000000000000017010000030000000100000000000000180000000000000017010000030000000000000000000000a800000000000000170100000200000090000000ec6673df09403aa03ebfb849fdcb48fcb39333f5d85d3bfce51bd27172e38d364086e51cf0aec52420c559ef7e5de4b6fdd3d8eafa5e4daae670a5bd03d6c7ad0d4a5970282231c57418fec2b51e64b95a6ce25af029bf626f45c7219928c1f139328378c94d66c4f0c6d7cbf1b3eb0c5f0fe400811cba2edfe893c18c9d335f0b3885b80c23ba4e18937afbae6877440000000010010000000000001701000002000000fa0000000512f35860c05350d5cfa47b5a58a58b450e1a3b97de90534c8e10772343d6f68bd65e217f3391bb78f1c55303ee9e5a0ed2ad4aeabd7374c65e84e35112bc4c2e3afb4287c72a4e51006ea97a33f8e8367145d9b09aee79b413611259e7d6a3f89cf5e01dc307ec4d679ee3c5eb406210dfe44856c1f881553b7151f801ef1e204c37b25e86fcbc0d7ea8efe6e1d756b67c9c00949d29caebf2dbf7af1c6050ec6907ee91dd62c109569e3a6b55ce2c4154a01500af037d958844804b077f05ae3f2ec98e78bacf818f18caa283f3e6406bf80cf7561e0f69234fb9997a247d32eaf5b64ab2841ce51353d45e4d90e43156912e2ca40b7873ba4fd7f9c8b10000180000000000000017010000030000000000000000000000"], 0x200, 0x44000}, 0x1)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x80, 0x0)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f0000000100)=""/196)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
write$USERIO_CMD_REGISTER(r2, &(0x7f0000000080)={0x0, 0x1}, 0x2)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3037.362142] *** Guest State ***
[ 3037.365433] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3037.375482] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3037.384854] CR3 = 0x0000000000002000
[ 3037.389283] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3037.395892] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3037.402696] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3037.413153] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3037.417007] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3037.419223] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3037.423941] CPU: 0 PID: 10162 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3037.430758] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3037.438826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3037.438832] Call Trace:
[ 3037.438855]  dump_stack+0x244/0x3ab
[ 3037.438880]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3037.446924] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3037.456203]  handle_userfault.cold.32+0x47/0x62
[ 3037.456228]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3037.458863] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3037.462414]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3037.462434]  ? rb_erase_cached+0xc78/0x3720
[ 3037.467670] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3037.475571]  ? userfaultfd_ctx_put+0x830/0x830
[ 3037.475592]  ? update_load_avg+0x2b1/0x2470
[ 3037.480344] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3037.484822]  ? attach_entity_load_avg+0x860/0x860
[ 3037.484840]  ? update_load_avg+0x387/0x2470
[ 3037.492886] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3037.498151]  ? find_lock_entry+0x2de/0x8e0
[ 3037.498166]  ? attach_entity_load_avg+0x860/0x860
[ 3037.498186]  ? find_get_entry+0x1120/0x1120
[ 3037.502551] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3037.510448]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 3037.510466]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.510480]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 3037.510502]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 3037.515143] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3037.519382]  ? rb_erase+0x3710/0x3710
[ 3037.519400]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 3037.519418]  ? retint_kernel+0x2d/0x2d
[ 3037.527468] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3037.532217]  shmem_getpage_gfp+0x3723/0x4840
[ 3037.532236]  ? perf_trace_lock+0x14d/0x7a0
[ 3037.536605] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3037.544512]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3037.544526]  ? __update_load_avg_se+0xae0/0xae0
[ 3037.544546]  ? check_preemption_disabled+0x48/0x200
[ 3037.548859] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3037.553616]  ? update_load_avg+0x387/0x2470
[ 3037.553635]  ? attach_entity_load_avg+0x860/0x860
[ 3037.558017] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3037.565893]  ? mark_held_locks+0x130/0x130
[ 3037.565913]  ? update_load_avg+0x387/0x2470
[ 3037.565934]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.570944] Interruptibility = 00000000  ActivityState = 00000000
[ 3037.576377]  ? attach_entity_load_avg+0x860/0x860
[ 3037.576401]  ? debug_smp_processor_id+0x1c/0x20
[ 3037.581212] *** Host State ***
[ 3037.586574]  ? perf_trace_lock+0x14d/0x7a0
[ 3037.586592]  ? __perf_event_task_sched_out+0x33a/0x1bf0
[ 3037.586610]  ? mark_held_locks+0x130/0x130
[ 3037.594662] RIP = 0xffffffff811f9ed3  RSP = 0xffff88016dfaf390
[ 3037.598350]  ? lock_is_held_type+0x210/0x210
[ 3037.598373]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.598393]  ? check_preemption_disabled+0x48/0x200
[ 3037.603195] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3037.607014]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.607027]  ? check_preemption_disabled+0x48/0x200
[ 3037.607044]  ? debug_smp_processor_id+0x1c/0x20
[ 3037.607063]  ? perf_trace_lock+0x14d/0x7a0
[ 3037.615077] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3037.619409]  ? cpuacct_charge+0x265/0x440
[ 3037.619425]  ? lock_downgrade+0x900/0x900
[ 3037.619446]  ? lock_is_held_type+0x210/0x210
[ 3037.623666] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3037.631631]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3037.631648]  ? xas_start+0x23d/0x740
[ 3037.631667]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3037.636823] CR0=0000000080050033 CR3=00000001aae94000 CR4=00000000001426e0
[ 3037.641409]  ? xas_descend+0x201/0x510
[ 3037.641431]  ? xa_destroy+0x4d0/0x4d0
[ 3037.646472] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3037.653516]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3037.653530]  ? task_numa_work+0xea0/0xea0
[ 3037.653550]  ? check_preemption_disabled+0x48/0x200
[ 3037.658003] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3037.662768]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.662786]  ? active_load_balance_cpu_stop+0x12e0/0x12e0
[ 3037.670280] *** Control State ***
[ 3037.674443]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.674465]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3037.678832] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3037.684300]  ? xas_load+0x43/0x1e0
[ 3037.684323]  ? filemap_map_pages+0xd11/0x19b0
[ 3037.690603] EntryControls=0000d1ff ExitControls=002fefff
[ 3037.695371]  ? lock_downgrade+0x900/0x900
[ 3037.695394]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3037.700116] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3037.703222]  ? set_next_entity+0xdc/0xc60
[ 3037.703236]  ? reweight_entity+0x10f0/0x10f0
[ 3037.703253]  ? update_load_avg+0x2470/0x2470
[ 3037.707547] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3037.712833]  ? filemap_map_pages+0xd38/0x19b0
[ 3037.712857]  ? find_get_entries_tag+0x1400/0x1400
[ 3037.717136] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3037.723029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.723049]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3037.727514]         reason=80000021 qualification=0000000000000000
[ 3037.732969]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 3037.732989]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 3037.738046] IDTVectoring: info=00000000 errcode=00000000
[ 3037.744383]  ? perf_sched_cb_inc+0x350/0x350
[ 3037.744405]  shmem_fault+0x25f/0x960
[ 3037.750004] TSC Offset = 0xfffff9a30c0c79e1
[ 3037.754943]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3037.754969]  ? trace_hardirqs_on+0xbd/0x310
[ 3037.759679] EPT pointer = 0x000000018b90701e
[ 3037.763835]  ? kasan_check_read+0x11/0x20
[ 3037.763854]  ? finish_task_switch+0x1f5/0x900
[ 3037.763874]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3037.776050]  ? compat_start_thread+0x80/0x80
[ 3037.776071]  __do_fault+0x100/0x6b0
[ 3037.784695]  ? _raw_spin_unlock_irq+0x60/0x80
[ 3037.784718]  ? finish_task_switch+0x1f5/0x900
[ 3038.034114]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3038.039230]  ? mark_held_locks+0x130/0x130
[ 3038.043474]  ? mark_held_locks+0x130/0x130
[ 3038.047718]  ? __switch_to_asm+0x34/0x70
[ 3038.051778]  ? __switch_to_asm+0x40/0x70
[ 3038.055842]  ? __switch_to_asm+0x34/0x70
[ 3038.059903]  ? __switch_to_asm+0x34/0x70
[ 3038.063970]  ? __switch_to_asm+0x40/0x70
[ 3038.068029]  ? __switch_to_asm+0x34/0x70
[ 3038.072114]  ? __switch_to_asm+0x40/0x70
[ 3038.076201]  ? __switch_to_asm+0x34/0x70
[ 3038.080260]  ? __switch_to_asm+0x40/0x70
[ 3038.084329]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3038.089877]  __handle_mm_fault+0x3d40/0x5a40
[ 3038.094305]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3038.099154]  ? lock_is_held_type+0x210/0x210
[ 3038.103594]  ? plist_check_head+0xea/0x150
[ 3038.107849]  ? plist_check_list+0xa0/0xa0
[ 3038.112002]  ? ring_buffer_record_is_on+0xe1/0x130
[ 3038.116937]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3038.121469]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3038.126886]  ? handle_mm_fault+0x42a/0xc70
[ 3038.131128]  ? lock_downgrade+0x900/0x900
[ 3038.135277]  ? __do_page_fault+0xa0e/0xd10
[ 3038.139527]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3038.144458]  ? unregister_trace_event+0x3c0/0x470
[ 3038.149303]  ? lock_release+0xa10/0xa10
[ 3038.153284]  ? __do_page_fault+0x567/0xd10
[ 3038.157525]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3038.162637]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3038.168176]  ? check_preemption_disabled+0x48/0x200
[ 3038.173208]  handle_mm_fault+0x54f/0xc70
[ 3038.177278]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3038.181865]  ? find_vma+0x34/0x190
[ 3038.185414]  __do_page_fault+0x567/0xd10
[ 3038.189503]  do_page_fault+0xed/0x7d1
[ 3038.193306]  ? vmalloc_sync_all+0x30/0x30
[ 3038.197459]  ? error_entry+0x76/0xd0
[ 3038.201178]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3038.206204]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3038.211051]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3038.216071]  ? lock_is_held_type+0x210/0x210
[ 3038.220495]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3038.225348]  page_fault+0x1e/0x30
[ 3038.228803] RIP: 0010:__get_user_4+0x21/0x30
[ 3038.233221] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3038.252127] RSP: 0018:ffff8801a297f830 EFLAGS: 00010206
[ 3038.257495] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc90003f42000
[ 3038.264778] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3038.272047] RBP: ffff8801a297fb98 R08: 1ffff1003452fee3 R09: 0000000000000000
[ 3038.279335] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff1003452ff0e
[ 3038.286616] R13: ffff8801ba880280 R14: 000000008040450a R15: 0000000000000000
[ 3038.293917]  ? __might_fault+0x1a3/0x1e0
[ 3038.297993]  ? evdev_do_ioctl+0x159d/0x2180
[ 3038.302326]  ? str_to_user+0x90/0x90
[ 3038.306059]  ? do_futex+0x249/0x26d0
[ 3038.309777]  ? kasan_check_read+0x11/0x20
[ 3038.313946]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3038.319231]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3038.324772]  ? check_preemption_disabled+0x48/0x200
[ 3038.329794]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3038.335353]  ? check_preemption_disabled+0x48/0x200
[ 3038.340373]  ? debug_smp_processor_id+0x1c/0x20
[ 3038.345044]  ? lock_is_held_type+0x210/0x210
[ 3038.349471]  ? __fget+0x4aa/0x740
[ 3038.352949]  ? lock_downgrade+0x900/0x900
[ 3038.357132]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3038.362090]  ? save_stack+0x43/0xd0
[ 3038.365760]  ? __fget+0x4d1/0x740
[ 3038.369229]  ? ksys_dup3+0x680/0x680
[ 3038.372956]  evdev_ioctl_handler+0x144/0x1a0
[ 3038.377401]  evdev_ioctl+0x27/0x30
[ 3038.380946]  ? evdev_ioctl_compat+0x30/0x30
[ 3038.385276]  do_vfs_ioctl+0x1de/0x1720
[ 3038.389175]  ? ioctl_preallocate+0x300/0x300
[ 3038.393592]  ? __fget_light+0x2e9/0x430
[ 3038.397573]  ? fget_raw+0x20/0x20
[ 3038.401034]  ? _copy_to_user+0xc8/0x110
[ 3038.405028]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3038.410586]  ? put_timespec64+0x10f/0x1b0
[ 3038.414737]  ? nsecs_to_jiffies+0x30/0x30
[ 3038.418912]  ? security_file_ioctl+0x94/0xc0
[ 3038.423360]  ksys_ioctl+0xa9/0xd0
[ 3038.426825]  __x64_sys_ioctl+0x73/0xb0
[ 3038.430728]  do_syscall_64+0x1b9/0x820
[ 3038.434618]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3038.439993]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3038.445112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3038.449967]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3038.454996]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3038.460020]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3038.465047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3038.469903]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3038.475099] RIP: 0033:0x457519
[ 3038.478299] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3038.497211] RSP: 002b:00007ff39d978c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3038.504927] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
04:15:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf0ffffffffffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3038.512202] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000007
[ 3038.519471] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3038.526739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff39d9796d4
[ 3038.534010] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
04:15:54 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x6000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x5460, &(0x7f0000013000))

04:15:54 executing program 4:
r0 = socket$inet6_sctp(0xa, 0x0, 0x84)
mmap(&(0x7f0000c59000/0x3000)=nil, 0x3000, 0xc, 0x100010, r0, 0x2a)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3038.601041] *** Guest State ***
[ 3038.604584] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3038.613810] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
04:15:54 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x8000a0ffffffff]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3038.677663] CR3 = 0x0000000000002000
[ 3038.685973] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3038.697144] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3038.706191] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3038.714698] RFLAGS=0x00000002         DR7 = 0x0000000000000400
04:15:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xfffff000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3038.722401] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3038.736877] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3038.746788] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3038.754939] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3038.763457] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:54 executing program 4:
r0 = accept$inet(0xffffffffffffff9c, &(0x7f0000000040)={0x2, 0x0, @local}, &(0x7f0000000080)=0x10)
r1 = accept4$nfc_llcp(0xffffffffffffff9c, 0x0, &(0x7f0000000100), 0x800)
mmap(&(0x7f0000c4a000/0xf000)=nil, 0xf000, 0xb, 0x12, r1, 0x0)
r2 = userfaultfd(0x0)
r3 = syz_open_dev$dmmidi(&(0x7f0000000540)='/dev/dmmidi#\x00', 0x80000000, 0x100)
getsockopt$inet6_mreq(0xffffffffffffff9c, 0x29, 0x1f, &(0x7f0000000580)={@ipv4={[], [], @loopback}, <r4=>0x0}, &(0x7f00000005c0)=0x14)
bind$packet(r3, &(0x7f0000000600)={0x11, 0x0, r4, 0x1, 0x2, 0x6, @broadcast}, 0x14)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
vmsplice(r1, &(0x7f0000000300)=[{&(0x7f0000000140)="ce7c527032419b6bda6df8754115770f3a2c8990934c75f07086b181ccc8b2da8103bac4f98cdbd79f23a6b78de7ead02156f97b785980cab987c28cedb0959aa5a2a998b8f56fbf4ed0139f4f3be3f3ff2c02d0b45a0b4e3f212a0c5db2b47271dbd23a604a4006d9acc4dcaa749b2f2a691827035823592bf495fc9e78fd162f4f9da1be0e9fe98e5e70b173fe66520e6150249c8753f70b395f1e36", 0x9d}, {&(0x7f0000000200)="b1b7763c1574dd9675e417a2d6a8d804384f538875443156b7d382089ca78745b54ef2e09f9d49efd0359202dcdd458c8650a3bcb3b45e1301adecfd7fac7ec3a90911bc73acae940013f56752a63c68fb74a5075ed4ff0046f495", 0x5b}, {&(0x7f0000000280)="edd83bf5f3c2d6e4d29898b1c38370acff6edf55447dbe83410a1454a1f15d7786bce9eac6780a485fd603c96d8724c464a8ba9ec7c1b147f379", 0x3a}, {&(0x7f00000002c0)="e6199dc6cf197717f1fccd94f11c", 0xe}], 0x4, 0xb)
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000340)={<r6=>0x0, 0x4, 0x9, 0x6}, &(0x7f0000000380)=0x10)
r7 = semget$private(0x0, 0x3, 0x1)
semtimedop(r7, &(0x7f00000004c0)=[{0x3, 0x351}, {0x1, 0x0, 0x1000}, {0x1, 0x100, 0x800}, {0x1, 0xffffffff, 0x1800}, {0x4, 0x3, 0x7039b6b6f6c7b2dc}, {0x4, 0x0, 0x1800}, {0x2, 0x6, 0x1000}], 0x7, &(0x7f0000000500)={0x0, 0x989680})
r8 = memfd_create(&(0x7f0000000440)='\x00', 0x4)
ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000480)={0x7203})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000003c0)={r6, 0xfff}, &(0x7f0000000400)=0x8)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000013000))

[ 3038.773110] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3038.781168] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3038.797309] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3038.805301] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3038.805316] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:15:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x80084502, &(0x7f0000013000))

[ 3038.805334] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:15:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x2000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
socketpair(0x9, 0xb, 0xb81, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = geteuid()
getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000008c0)={{{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f00000009c0)=0xe8)
syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f00000001c0)='./file0\x00', 0x4, 0x6, &(0x7f0000000780)=[{&(0x7f0000000200)="7f9169779e659e81053e8f5ebb24ed45297c3d83debef24e298e1545d4675fc83699faa5990ec4d385faddffa3a8c81f6ae601f4f65e6143a45ee9e95b1fb64b79c93e5aeb5878f177c930ba7c7009e3838fe2c144da900d07b2c721cc121719ac030234ea423a025f1c9743e38f46ad0d585e1217e43ecca80b2cefff70a557f5da551dd5510fb94568c55ee2c3228ba78cb0c36057bb30e384873dd625d47813214b3127070632ae1bc2db205d206f33f3a710fd8e16144a0e7e7139c139c02a4dae856c97d2e607", 0xc9, 0x8}, {&(0x7f0000000300)="72c79d0eabb77e3ed69e423d3b4f63857b7072b545b801e64c03920ab3ecb5f80dfa43842eba1b97f2dea5f01ce40142be8c05b8cddf85741cf78d8a4e15620885e66b2487a81316079210a627a94624aff6065eb30eeb60a36d0d3d702d869627728aa29a23dc92419ba40e152ed56c1f3aaf132fe5675e99713064633afbf004ddd12ca06a1617d6e9e9f5e75d14ea7284d1951c129a93bd8bf8fdca1b06098b08f3195b6359ab924b9d9b865d14f65196966006a6f702f80b8df71c9dc54a9c31111cb09811047a387baa2213b01befb90f2686b3ef3a49fcade20b78a3b9f8ad58c5128160479ebe11", 0xeb, 0x5}, {&(0x7f0000000400)="0d1d023fde6a658d54cf3d5e6e553cb84f9490b9104660d73dd5da8d7a4f0c58dce7473fcb06b846a6fc3b013574016be9ac9ca74c45f5af376ce727782dd09024627f0615824c26d5e4e71d3d0ad6c82d18e6dcecf7ba0d09177125f471fe074734a8441440c57dfe86f77881d3bec5a3e50d6e00acb27889e2b40de1d1f43f55aeab39400137221e6166c5baa62e18114855de3784a82bdf3841ec047b826e546f913eec1b566547a419d4a33d67b007af530e60c422d2d0cd652ae33ca286ae8d282036dea66f4a41444e7d7edc528b8dbe", 0xd3, 0x10001}, {&(0x7f0000000500)="e83e14db8cfc74288988cdaaf3f71b2bf634aad17a540016c1f6ec111e7af5229150bcfae243084c83c0633601f51d516dd2b095e62502410c8776927d5440e2b6633092d624e69f7256af26351f99fd1821dbbd1b3c3f036faf8b3f847d210f7a49954c9d11b3a2dafb61b88a58c90896ac2078a122f0961a5f90cb980ea621de6758844d99b0b8c3f39f2cf28250a31166399b15f3ec2782eadf08bb39d55bfefd43317be89e0f544daf44833cce6a06eecc37c38469c6d132dfdd123b456708793234d1df28db52547c35b52d4ea3f48961", 0xd3, 0x1000}, {&(0x7f0000000680)="0c6f4d60f852346d0ebabe3e6f04312f1040faecc00baf2c2849b004b2777a4a7e607019bb9db98c66bb7226c6830d9147582312c4ed1ce5072d678b405f72b69fda552f1669b87b6696669baa7f82e50fe995fb2c1d59b0143da662f8150b00d187523147bf", 0x66, 0x9}, {&(0x7f0000000700)="0492038a99f1062d539541ae86bdf8a3ec8f2ad05733491807daebe3a2f02f3db9ab39228ff5c5c972f7ee12af9214e978b9724695188e5fcd7f2d96a361cf0180ede5", 0x43, 0x9}], 0x10000, &(0x7f0000000a00)={[{@uquota='uquota'}, {@nobarrier='nobarrier'}, {@logbsize={'logbsize', 0x3d, [0x6f, 0x7f]}}, {@grpid='grpid'}, {@quota='quota'}], [{@uid_eq={'uid', 0x3d, r3}}, {@subj_type={'subj_type', 0x3d, 'GPL'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@uid_eq={'uid', 0x3d, r4}}, {@dont_appraise='dont_appraise'}, {@euid_lt={'euid<', r5}}]})
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r6 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='vboxnet1)(wlan1)}\x00', r0}, 0x10)
ioctl$EVIOCGMTSLOTS(r6, 0x8040450a, &(0x7f0000013000))

[ 3038.861786] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3038.868936] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3038.876397] Interruptibility = 00000000  ActivityState = 00000000
[ 3038.883586] *** Host State ***
[ 3038.887362] RIP = 0xffffffff811f9ed3  RSP = 0xffff880187e27390
[ 3038.903353] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
04:15:54 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000040))

04:15:54 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88caffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3038.912738] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3038.934157] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3038.940260] CR0=0000000080050033 CR3=0000000180ccf000 CR4=00000000001426f0
[ 3038.956158] XFS (loop5): unknown mount option [nobarrier].
[ 3038.973350] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3038.990615] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3038.998597] *** Control State ***
[ 3039.002082] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3039.017134] EntryControls=0000d1ff ExitControls=002fefff
[ 3039.022663] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3039.032967] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3039.040576] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3039.047683]         reason=80000021 qualification=0000000000000000
[ 3039.054015] IDTVectoring: info=00000000 errcode=00000000
[ 3039.054021] TSC Offset = 0xfffff9a2620f5ad7
[ 3039.054031] EPT pointer = 0x00000001a9a9601e
[ 3039.066096] XFS (loop5): unknown mount option [nobarrier].
04:15:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xffffff7f, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3039.167485] *** Guest State ***
[ 3039.171014] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3039.180900] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3039.190142] CR3 = 0x0000000000002000
[ 3039.199654] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3039.206159] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3039.213238] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3039.219295] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3039.225413] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3039.232921] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3039.241834] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:15:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf0ffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:55 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000001, 0x100000001)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x40, 0x0)
ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000480)='ip6tnl0\x00')
ioctl$TIOCLINUX3(r2, 0x541c, &(0x7f0000000240))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0)
accept4$unix(r3, 0x0, &(0x7f0000000100), 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000180)=0xf3a, &(0x7f00000001c0)=0x2)
fcntl$getownex(r0, 0x10, &(0x7f0000000280)={0x0, <r5=>0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000340)={{0xa, 0x5, 0x20, 0xd092, 'syz0\x00', 0x2}, 0x0, 0x20000004, 0xfffffffffffffffe, r5, 0x8, 0x80000001, 'syz1\x00', &(0x7f00000002c0)=['user*$posix_acl_access\x00', '\x00', '/dev/input/event#\x00', 'em0vmnet0,\x00', '/dev/input/event#\x00', '!\x00', ')bdev{\x00', '/dev/full\x00'], 0x5a, [], [0x1f, 0xf224, 0x1f, 0x3]})
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000140)=0x4)

[ 3039.280744] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.300490] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.316657] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.326839] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.335533] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3039.343907] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3039.352704] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3039.363671] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3039.374417] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3039.381055] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3039.388766] Interruptibility = 00000000  ActivityState = 00000000
[ 3039.395197] *** Host State ***
[ 3039.398678] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018934f390
[ 3039.404800] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3039.411447] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3039.419721] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3039.425619] CR0=0000000080050033 CR3=00000001d3635000 CR4=00000000001426f0
[ 3039.432800] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3039.439598] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3039.445660] *** Control State ***
[ 3039.449232] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3039.455896] EntryControls=0000d1ff ExitControls=002fefff
[ 3039.461391] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3039.468371] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3039.475020] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3039.481614]         reason=80000021 qualification=0000000000000000
[ 3039.488165] IDTVectoring: info=00000000 errcode=00000000
[ 3039.493598] TSC Offset = 0xfffff9a2181a4fff
[ 3039.497957] EPT pointer = 0x00000001b90b901e
04:15:55 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0xa0008000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:55 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x6000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:55 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000100)=""/156, &(0x7f0000000080)=0x9c)
r1 = userfaultfd(0xfffffffffffffffc)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000000c0)={<r2=>0xffffffffffffff9c})
setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000240)=0x1ff, 0x4)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x50})
pipe2(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80000)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000200)=0x1)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
getsockname$unix(r3, &(0x7f00000002c0)=@abs, &(0x7f0000000340)=0x6e)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000013000))

04:15:55 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x80000, 0x0)
ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000100)=""/164)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:15:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf00, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:55 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000400)=""/185)
r3 = fcntl$dupfd(r1, 0x406, r1)
recvmsg(r1, &(0x7f0000000380)={&(0x7f0000000100)=@ll={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)}, {&(0x7f00000001c0)=""/40, 0x28}, {&(0x7f0000000200)=""/119, 0x77}, {&(0x7f0000000280)=""/147, 0x93}], 0x4, 0x0, 0x0, 0x5}, 0x40002000)
ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f00000003c0)={r4, 0xa7, 0xffff, 0xf2, 0x8, 0x2, 0x1})

04:15:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x100000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3039.637102] *** Guest State ***
[ 3039.640486] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3039.655571] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3039.665136] CR3 = 0x0000000000002000
[ 3039.669111] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3039.675622] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:15:55 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x60, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3039.682822] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3039.689555] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3039.695519] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3039.706971] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3039.717276] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.725571] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.734028] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.742403] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.756828] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3039.765325] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3039.773364] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
04:15:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x400000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3039.782630] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3039.792230] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3039.800866] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3039.807857] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3039.815319] Interruptibility = 00000000  ActivityState = 00000000
[ 3039.821631] *** Host State ***
[ 3039.825180] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a8d97390
[ 3039.831375] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3039.837809] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3039.845600] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3039.851522] CR0=0000000080050033 CR3=000000018cfe6000 CR4=00000000001426f0
[ 3039.859758] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3039.866647] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3039.873088] *** Control State ***
[ 3039.876544] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
04:15:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3039.883250] EntryControls=0000d1ff ExitControls=002fefff
[ 3039.888750] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3039.895673] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3039.902373] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3039.909000]         reason=80000021 qualification=0000000000000000
[ 3039.915311] IDTVectoring: info=00000000 errcode=00000000
[ 3039.920791] TSC Offset = 0xfffff9a1db5c9ac3
[ 3039.925136] EPT pointer = 0x00000001ce32e01e
04:15:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xffffff7f00000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:56 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x8000a0]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:56 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xe80, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:56 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:56 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x4000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:56 executing program 4:
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000008, 0x31, r1, 0x0)
r2 = request_key(&(0x7f0000000100)='syzkaller\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='/dev/input/event#\x00', 0xfffffffffffffffa)
keyctl$clear(0x7, r2)
r3 = userfaultfd(0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000200)={<r4=>0xffffffffffffffff}, 0x13f, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000280)={0x7, 0x8, 0xfa00, {r4, 0xc14}}, 0x10)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r5 = dup3(r1, r0, 0x8000000080000)
ioctl$VT_GETMODE(r5, 0x5601, &(0x7f00000001c0))
r6 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x1f, 0x80000)
ioctl$EVIOCGMTSLOTS(r6, 0x8040450a, &(0x7f0000013000))
r7 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x40001)
ioctl$BLKRRPART(r7, 0x125f, 0x0)

04:15:56 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x400001, 0x12)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000080)={0x3})
r1 = userfaultfd(0x0)
syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0xdc, 0x80000)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:15:56 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
getsockname$packet(0xffffffffffffffff, &(0x7f0000007340)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000007380)=0x14)
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f00000073c0)={@remote, 0x4a, r3})
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc02c5341, &(0x7f0000000100))

04:15:56 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8864000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3040.547447] *** Guest State ***
[ 3040.551197] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3040.560753] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3040.579167] CR3 = 0x0000000000002000
[ 3040.585098] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:15:56 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x1a0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3040.593978] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3040.611855] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3040.618987] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3040.625196] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3040.640887] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3040.650107] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3040.656801] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3040.658371] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3040.663027] CPU: 1 PID: 10354 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3040.671129] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3040.679117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3040.679123] Call Trace:
[ 3040.679146]  dump_stack+0x244/0x3ab
[ 3040.679167]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3040.679196]  handle_userfault.cold.32+0x47/0x62
[ 3040.679221]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3040.687440] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3040.696529]  ? rb_erase_cached+0xc78/0x3720
[ 3040.696555]  ? userfaultfd_ctx_put+0x830/0x830
[ 3040.699335] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3040.702752]  ? attach_entity_load_avg+0x860/0x860
[ 3040.702769]  ? mark_held_locks+0x130/0x130
[ 3040.702788]  ? update_load_avg+0x387/0x2470
[ 3040.708211] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3040.712632]  ? find_lock_entry+0x2de/0x8e0
[ 3040.712653]  ? find_get_entry+0x1120/0x1120
[ 3040.712677]  ? mark_held_locks+0x130/0x130
[ 3040.717466] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3040.725218]  ? mark_held_locks+0x130/0x130
[ 3040.725244]  ? mark_held_locks+0x130/0x130
[ 3040.729798] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3040.734132]  shmem_getpage_gfp+0x3723/0x4840
[ 3040.734166]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3040.742327] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3040.746944]  ? __update_load_avg_se+0xae0/0xae0
[ 3040.746968]  ? update_load_avg+0x387/0x2470
[ 3040.746990]  ? attach_entity_load_avg+0x860/0x860
[ 3040.747004]  ? mark_held_locks+0x130/0x130
[ 3040.747028]  ? update_load_avg+0x387/0x2470
[ 3040.751461] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3040.755559]  ? mark_held_locks+0x130/0x130
[ 3040.755579]  ? attach_entity_load_avg+0x860/0x860
[ 3040.755599]  ? __mutex_lock+0x85e/0x16f0
[ 3040.763840] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3040.767812]  ? freezer_fork+0x1cc/0x600
[ 3040.767830]  ? mark_held_locks+0x130/0x130
[ 3040.767848]  ? mutex_trylock+0x2b0/0x2b0
[ 3040.767864]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3040.767877]  ? delete_node+0x307/0xdc0
[ 3040.767911]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3040.772440] Interruptibility = 00000000  ActivityState = 00000000
[ 3040.776443]  ? check_preemption_disabled+0x48/0x200
[ 3040.776469]  ? debug_smp_processor_id+0x1c/0x20
[ 3040.776488]  ? perf_trace_lock+0x14d/0x7a0
[ 3040.784701] *** Host State ***
[ 3040.788674]  ? cpuacct_charge+0x265/0x440
[ 3040.788734]  ? lock_downgrade+0x900/0x900
[ 3040.788751]  ? lock_is_held_type+0x210/0x210
[ 3040.788783]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3040.788802]  ? xas_start+0x23d/0x740
[ 3040.793237] RIP = 0xffffffff811f9ed3  RSP = 0xffff88019561f390
[ 3040.800982]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3040.800999]  ? xas_descend+0x201/0x510
[ 3040.801018]  ? xa_destroy+0x4d0/0x4d0
[ 3040.801037]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3040.801054]  ? task_numa_work+0xea0/0xea0
[ 3040.805735] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3040.810562]  ? check_preemption_disabled+0x48/0x200
[ 3040.810579]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3040.810597]  ? active_load_balance_cpu_stop+0x12e0/0x12e0
[ 3040.810611]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
04:15:56 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000008}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3040.810629]  ? lock_is_held_type+0x210/0x210
[ 3040.810649]  ? filemap_map_pages+0xd11/0x19b0
[ 3040.810679]  ? lock_downgrade+0x900/0x900
[ 3040.810708]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3040.810737]  ? set_next_entity+0xdc/0xc60
[ 3040.810749]  ? reweight_entity+0x10f0/0x10f0
[ 3040.810763]  ? update_load_avg+0x2470/0x2470
[ 3040.810784]  ? filemap_map_pages+0xd38/0x19b0
[ 3040.810808]  ? find_get_entries_tag+0x1400/0x1400
[ 3040.810827]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3040.810846]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3040.810863]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 3040.810877]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 3040.810899]  ? perf_sched_cb_inc+0x350/0x350
[ 3040.810922]  shmem_fault+0x25f/0x960
[ 3040.810946]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3040.810964]  ? trace_hardirqs_on+0xbd/0x310
[ 3040.810978]  ? kasan_check_read+0x11/0x20
[ 3040.810995]  ? finish_task_switch+0x1f5/0x900
[ 3040.811017]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3040.819737] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3040.823640]  ? compat_start_thread+0x80/0x80
[ 3040.823654]  ? dequeue_entity+0x17f0/0x17f0
[ 3040.823674]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3040.828211] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3040.832831]  __do_fault+0x100/0x6b0
[ 3040.832850]  ? _raw_spin_unlock_irq+0x60/0x80
[ 3040.832871]  ? finish_task_switch+0x1f5/0x900
[ 3040.837330] CR0=0000000080050033 CR3=00000001bd217000 CR4=00000000001426e0
[ 3040.841397]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3040.841417]  ? mark_held_locks+0x130/0x130
[ 3040.841436]  ? mark_held_locks+0x130/0x130
[ 3040.848078] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3040.852068]  ? __switch_to_asm+0x34/0x70
[ 3040.852081]  ? __switch_to_asm+0x40/0x70
[ 3040.852093]  ? __switch_to_asm+0x34/0x70
[ 3040.852110]  ? __switch_to_asm+0x34/0x70
[ 3040.857194] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3040.861014]  ? __switch_to_asm+0x40/0x70
[ 3040.861042]  ? __switch_to_asm+0x34/0x70
[ 3040.861054]  ? __switch_to_asm+0x40/0x70
[ 3040.861070]  ? __switch_to_asm+0x34/0x70
[ 3040.868723] *** Control State ***
[ 3040.872465]  ? __switch_to_asm+0x40/0x70
[ 3040.872484]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3040.872505]  __handle_mm_fault+0x3d40/0x5a40
[ 3040.877017] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3040.880811]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3040.880829]  ? lock_is_held_type+0x210/0x210
[ 3040.880846]  ? plist_check_head+0xea/0x150
[ 3040.886456] EntryControls=0000d1ff ExitControls=002fefff
[ 3040.890243]  ? plist_check_list+0xa0/0xa0
[ 3040.890261]  ? ring_buffer_record_is_on+0xe1/0x130
[ 3040.890276]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3040.890304]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3040.890321]  ? plist_check_head+0x150/0x150
[ 3040.896060] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3040.902070]  ? lock_is_held_type+0x210/0x210
[ 3040.902090]  ? handle_mm_fault+0x42a/0xc70
[ 3040.902107]  ? lock_downgrade+0x900/0x900
[ 3040.902121]  ? __do_page_fault+0xa0e/0xd10
[ 3040.902149]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3040.907411] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3040.911813]  ? lock_release+0xa10/0xa10
[ 3040.911829]  ? __do_page_fault+0x567/0xd10
[ 3040.911853]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3040.916153] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3040.919250]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3040.919267]  ? check_preemption_disabled+0x48/0x200
[ 3040.919290]  handle_mm_fault+0x54f/0xc70
[ 3040.919310]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3040.919326]  ? find_vma+0x34/0x190
[ 3040.923747]         reason=80000021 qualification=0000000000000000
[ 3040.927630]  __do_page_fault+0x567/0xd10
[ 3040.927655]  do_page_fault+0xed/0x7d1
[ 3040.927671]  ? vmalloc_sync_all+0x30/0x30
[ 3040.927686]  ? error_entry+0x76/0xd0
[ 3040.927717]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3040.932317] IDTVectoring: info=00000000 errcode=00000000
[ 3040.937637]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3040.937655]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3040.937681]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3040.937708]  page_fault+0x1e/0x30
[ 3040.941562] TSC Offset = 0xfffff9a15edb8e4e
[ 3040.947365] RIP: 0010:__get_user_4+0x21/0x30
[ 3040.947382] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3040.947392] RSP: 0018:ffff88018e5df830 EFLAGS: 00010206
[ 3040.947406] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc90003f42000
[ 3040.947415] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3040.947430] RBP: ffff88018e5dfb98 R08: 1ffff10031cbbee3 R09: 0000000000000000
[ 3040.953186] EPT pointer = 0x00000001d71da01e
[ 3040.956825] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff10031cbbf0e
[ 3040.956834] R13: ffff8801beb16e80 R14: 000000008040450a R15: 0000000000000000
[ 3040.956862]  ? __might_fault+0x1a3/0x1e0
[ 3040.956882]  ? evdev_do_ioctl+0x159d/0x2180
[ 3040.956905]  ? str_to_user+0x90/0x90
[ 3040.965769]  ? do_futex+0x249/0x26d0
[ 3040.965784]  ? kasan_check_read+0x11/0x20
[ 3040.965804]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3040.965823]  ? rcu_softirq_qs+0x20/0x20
[ 3040.976352]  ? unwind_dump+0x190/0x190
[ 3040.976374]  ? exit_robust_list+0x280/0x280
[ 3040.976396]  ? __fget+0x4aa/0x740
[ 3041.020097]  ? lock_downgrade+0x900/0x900
[ 3041.020121]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3041.020142]  ? save_stack+0x43/0xd0
[ 3041.028952]  ? __kasan_slab_free+0x102/0x150
[ 3041.028974]  ? __fget+0x4d1/0x740
[ 3041.028995]  ? ksys_dup3+0x680/0x680
[ 3041.029019]  evdev_ioctl_handler+0x144/0x1a0
[ 3041.029041]  evdev_ioctl+0x27/0x30
[ 3041.043885]  ? evdev_ioctl_compat+0x30/0x30
[ 3041.059773]  do_vfs_ioctl+0x1de/0x1720
[ 3041.059796]  ? ioctl_preallocate+0x300/0x300
[ 3041.059815]  ? __fget_light+0x2e9/0x430
[ 3041.077496]  ? fget_raw+0x20/0x20
[ 3041.077514]  ? _copy_to_user+0xc8/0x110
[ 3041.077550]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3041.077567]  ? put_timespec64+0x10f/0x1b0
[ 3041.077587]  ? nsecs_to_jiffies+0x30/0x30
[ 3041.086218]  ? security_file_ioctl+0x94/0xc0
[ 3041.086237]  ksys_ioctl+0xa9/0xd0
[ 3041.086257]  __x64_sys_ioctl+0x73/0xb0
[ 3041.167928]  do_syscall_64+0x1b9/0x820
[ 3041.167945]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3041.167963]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3041.167992]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3041.168025]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3041.168047]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3041.176152]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3041.176174]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3041.176194]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3041.632210] RIP: 0033:0x457519
04:15:57 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x8ef05aa2]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3041.635390] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3041.654276] RSP: 002b:00007ff39d978c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3041.661978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3041.669245] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000005
[ 3041.676505] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3041.683793] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff39d9796d4
[ 3041.691064] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
04:15:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:57 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x2)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80000)
getresuid(&(0x7f0000000180), &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000200))
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in=@local, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000000340)=0xe8)
r5 = geteuid()
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x2021, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_uid={'access', 0x3d, r3}}, {@version_9p2000='version=9p2000'}, {@access_uid={'access'}}, {@dfltuid={'dfltuid', 0x3d, r4}}, {@version_u='version=9p2000.u'}], [{@euid_lt={'euid<', r5}}, {@audit='audit'}, {@dont_appraise='dont_appraise'}]}})
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r6 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r6, 0x8040450a, &(0x7f0000013000))

04:15:57 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800008000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:57 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2000000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100004000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3041.977083] *** Guest State ***
[ 3041.980512] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3041.989734] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3041.998952] CR3 = 0x0000000000002000
[ 3042.002753] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3042.011506] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3042.018050] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3042.024152] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3042.030171] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3042.036892] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3042.044866] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3042.052874] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3042.060946] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3042.069048] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3042.077108] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3042.085081] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3042.093138] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3042.101154] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3042.111757] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3042.119864] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3042.126341] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3042.134020] Interruptibility = 00000000  ActivityState = 00000000
[ 3042.140306] *** Host State ***
[ 3042.143505] RIP = 0xffffffff811f9ed3  RSP = 0xffff880173a07390
[ 3042.149575] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3042.155985] FSBase=00007fcd69164700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3042.163799] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3042.169747] CR0=0000000080050033 CR3=00000001d80f8000 CR4=00000000001426f0
[ 3042.176807] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3042.183471] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3042.189558] *** Control State ***
[ 3042.193010] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3042.199731] EntryControls=0000d1ff ExitControls=002fefff
[ 3042.205183] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3042.212172] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3042.218866] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3042.225428]         reason=80000021 qualification=0000000000000000
[ 3042.231764] IDTVectoring: info=00000000 errcode=00000000
[ 3042.237243] TSC Offset = 0xfffff9a095fc861b
[ 3042.241555] EPT pointer = 0x00000001c52c901e
04:15:59 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x1a0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:15:59 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x300000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:15:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:15:59 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:15:59 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x1fe, &(0x7f0000000100)="153f6234488d03000000000000007f796b8f142cbba1be5a6e13b0eafde6e6ab355df0c13c1c0000744e6a43ef573555ab77de771c3b26022bc09a2a85340b81e49aabe083cb34f0ac2d4cab17e35ee931ac1320e80d7b41aa823ed72c09b4ba2803d57055f1a539702ce58e72b19a4933aa15c660ff8508797bb5ef43c7a9f9b004d06d71")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:15:59 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x109000, 0x0)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000100)=0x80000001, 0x4)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = semget$private(0x0, 0x2, 0x402)
semop(r2, &(0x7f0000000140)=[{0x6, 0xd830, 0x1000}, {0x1, 0x9808, 0x1000}], 0x2)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000180)=@req={0x4, 0x1, 0x9, 0x8001}, 0x10)

[ 3043.807328] *** Guest State ***
[ 3043.814561] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3043.824081] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3043.833100] CR3 = 0x0000000000002000
[ 3043.837006] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3043.843593] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3043.850645] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:15:59 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x9effffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3043.866738] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3043.872815] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3043.880767] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3043.889018] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3043.897157] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3043.905186] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3043.913257] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3043.921323] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3043.929345] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3043.937583] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3043.945584] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3043.953614] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3043.961620] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3043.968074] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3043.975539] Interruptibility = 00000000  ActivityState = 00000000
[ 3043.981815] *** Host State ***
[ 3043.985029] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a8d97390
[ 3043.991064] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3043.997534] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3044.005341] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3044.011277] CR0=0000000080050033 CR3=000000019814b000 CR4=00000000001426f0
[ 3044.018326] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3044.025002] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3044.031105] *** Control State ***
[ 3044.034569] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3044.041306] EntryControls=0000d1ff ExitControls=002fefff
[ 3044.046835] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3044.053782] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3044.060510] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:15:59 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3044.067157]         reason=80000021 qualification=0000000000000000
[ 3044.073484] IDTVectoring: info=00000000 errcode=00000000
[ 3044.078994] TSC Offset = 0xfffff99f9f0cf133
[ 3044.083327] EPT pointer = 0x0000000133c4601e
04:16:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xd, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:00 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd01}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:00 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf0ffffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:00 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3044.284777] *** Guest State ***
[ 3044.288453] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3044.297668] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3044.306895] CR3 = 0x0000000000000000
[ 3044.310812] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3044.317384] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3044.323493] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
04:16:00 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x3000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3044.330341] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.338479] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.346572] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.355329] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.363474] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.371665] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x3, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3044.379875] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3044.388052] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.396126] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3044.404242] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.412338] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3044.418890] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3044.426987] Interruptibility = 00000000  ActivityState = 00000000
[ 3044.433419] *** Host State ***
[ 3044.436783] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018c4f7390
[ 3044.442885] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3044.450243] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3044.461860] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3044.467938] CR0=0000000080050033 CR3=00000001c44d1000 CR4=00000000001426f0
[ 3044.475013] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3044.481760] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3044.488223] *** Control State ***
[ 3044.491679] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3044.498406] EntryControls=0000d1ff ExitControls=002fefff
[ 3044.503868] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3044.511274] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3044.518029] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3044.524632]         reason=80000021 qualification=0000000000000000
04:16:00 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x110000e000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3044.531548] IDTVectoring: info=00000000 errcode=00000000
[ 3044.537655] TSC Offset = 0xfffff99f573126ea
[ 3044.542257] EPT pointer = 0x00000001d3f7b01e
04:16:00 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:00 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:00 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fuse\x00', 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000340)=ANY=[@ANYPTR=&(0x7f00000003c0)=ANY=[@ANYRES16=r0, @ANYRES64=r0, @ANYRES16=r1, @ANYBLOB="241c03000000000000005e434176af3519f15bc9a93bc784a2e41a3f6f92e2a98d9a914f41960c00c8a9bd9e4f56b513846ee6fdd4b312b338c595d1acb6d688867cf163f1add893d42b3b9eb10c3617ab2b688b71344adaad99ee9f0da6f51009d522727a333ebbf7ede0ccf11ee6ab3bc83a4e9a956c0da29d7cfc34c0f2beaffa07914a67d8e8215b1ba2783db4e462aeb66c3a6ae8ad00437ac27749c01147a0b007000000765e6c4bf7847134dd9cf713b751670849d3b54615026ccda3311c53e1921749e3eb1e5b14dc748b36b35278cb002965a5527d9cf7989df2c042703f91f994d3d8a25ebec8c70ecfea53197a410a1a24d49867c6047bb2b7b7082f2422f16c79469cd2906f02a4323c4570f48f4c1000f0ff462e84ac5ed4381b2db47b8414745fcf398b4c5ed47b983808a13b5dae0b4df8f0d94cb51809c9105a5b8d2d68327fc2", @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYRESHEX=r0]]], 0xf)
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x181100, 0x0)
ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000140)={0x9, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}, {0x2, 0x4e24, @remote}, 0x0, 0x172, 0x7, 0x6, 0x3, &(0x7f0000000100)='team0\x00', 0x3a60000000000, 0x3, 0x3ff})

04:16:00 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000040), 0x4)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
fcntl$setsig(r1, 0xa, 0x2f)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x41, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3044.651514] *** Guest State ***
[ 3044.654876] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3044.668855] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3044.678078] CR3 = 0x0000000000002000
[ 3044.681829] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3044.688395] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:00 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x300000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3044.710991] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3044.717442] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3044.723446] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3044.730653] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3044.738914] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3044.747014] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3044.755012] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3044.755032] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3044.755051] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3044.755066] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3044.794980] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3044.803178] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3044.811657] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3044.819827] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3044.826249] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3044.833770] Interruptibility = 00000000  ActivityState = 00000000
[ 3044.840030] *** Host State ***
[ 3044.843224] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018c4f7390
[ 3044.849348] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3044.855764] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3044.863594] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3044.869509] CR0=0000000080050033 CR3=000000019c916000 CR4=00000000001426f0
[ 3044.876533] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3044.883247] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3044.889347] *** Control State ***
[ 3044.892858] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3044.899569] EntryControls=0000d1ff ExitControls=002fefff
[ 3044.905040] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:00 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x9371, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:00 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x5})
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x20802, 0x0)
r2 = accept4$inet(r1, &(0x7f00000002c0)={0x2, 0x0, @loopback}, &(0x7f0000000280)=0x4, 0x80800)
ioctl$sock_inet_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000100))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:00 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x7, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x13})
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:00 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3044.912176] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3044.918947] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3044.925687]         reason=80000021 qualification=0000000000000000
[ 3044.932110] IDTVectoring: info=00000000 errcode=00000000
[ 3044.946865] TSC Offset = 0xfffff99f2938dd38
[ 3044.951213] EPT pointer = 0x000000018b8b501e
04:16:00 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socket$rds(0x15, 0x5, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000080))
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x40180, 0x0)
ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0)
getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000080)={@dev}, &(0x7f0000000100)=0x14)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3045.034024] *** Guest State ***
[ 3045.037741] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3045.046607] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3045.055586] CR3 = 0x0000000000002000
[ 3045.059866] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3045.066411] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3045.076808] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:01 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r3 = accept(r1, &(0x7f0000000440)=@alg, &(0x7f0000000400)=0x176)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000180)={0xe93, 0x8004, 0x2, 0x2, <r4=>0x0}, &(0x7f00000001c0)=0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000200)={r4, @in={{0x2, 0x4e20, @remote}}, 0x9, 0x3f}, &(0x7f00000002c0)=0x90)

04:16:01 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x28000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3045.094593] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3045.142657] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3045.157632] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3045.168370] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.176375] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.185082] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.193350] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.201624] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.209762] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3045.217786] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3045.225778] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3045.233795] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3045.241795] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3045.248267] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3045.255749] Interruptibility = 00000000  ActivityState = 00000000
[ 3045.262029] *** Host State ***
[ 3045.265239] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6727390
[ 3045.271260] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3045.277718] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3045.285519] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3045.291449] CR0=0000000080050033 CR3=00000001d7c12000 CR4=00000000001426f0
[ 3045.298502] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3045.305164] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3045.311656] *** Control State ***
[ 3045.315154] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3045.321882] EntryControls=0000d1ff ExitControls=002fefff
[ 3045.327605] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3045.334529] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3045.341231] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3045.347859]         reason=80000021 qualification=0000000000000000
[ 3045.354171] IDTVectoring: info=00000000 errcode=00000000
[ 3045.360039] TSC Offset = 0xfffff99ef1a808f2
[ 3045.364375] EPT pointer = 0x0000000173a5801e
04:16:01 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x27a333bae12]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:01 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:01 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2800, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3045.651840] *** Guest State ***
[ 3045.655161] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3045.664535] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3045.673470] CR3 = 0x0000000000002000
[ 3045.677252] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3045.683922] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3045.690496] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:01 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xfffffff0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3045.696623] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3045.703105] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3045.711439] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3045.719503] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.727557] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.735553] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.744064] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.752501] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3045.760645] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3045.768780] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3045.777053] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3045.785188] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3045.793321] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3045.799850] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3045.807498] Interruptibility = 00000000  ActivityState = 00000000
[ 3045.813751] *** Host State ***
[ 3045.817032] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6727390
[ 3045.823030] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3045.829489] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3045.837338] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3045.843225] CR0=0000000080050033 CR3=00000001be221000 CR4=00000000001426e0
[ 3045.850823] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3045.857554] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3045.863621] *** Control State ***
[ 3045.867137] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3045.873834] EntryControls=0000d1ff ExitControls=002fefff
[ 3045.879354] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3045.886296] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3045.893011] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:01 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:01 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffdd86, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3045.899617]         reason=80000021 qualification=0000000000000000
[ 3045.905935] IDTVectoring: info=00000000 errcode=00000000
[ 3045.911427] TSC Offset = 0xfffff99e9ba03117
[ 3045.915763] EPT pointer = 0x00000001c96d401e
04:16:01 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x9371000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3046.036936] *** Guest State ***
[ 3046.040373] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3046.049382] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3046.058335] CR3 = 0x0000000000002000
[ 3046.062139] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:16:01 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240)='/dev/hwrng\x00', 0x40, 0x0)
ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000000280)={&(0x7f0000a89000/0x6000)=nil, 0xfff, 0x1, 0x20, &(0x7f00005f7000/0x3000)=nil, 0x3})
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r3 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x10001, 0x2)
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f00000001c0)={<r4=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r3, 0x4010641c, &(0x7f0000000200)={r4, &(0x7f0000000680)=""/4096})
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r3, 0x28, 0x2, &(0x7f0000000180), 0x8)
ioctl$KVM_GET_PIT(r3, 0xc048ae65, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000000240))

04:16:01 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
mmap(&(0x7f00006b9000/0x1000)=nil, 0x1000, 0x1, 0x30, r0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x2})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x262000, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x1f, &(0x7f0000000100)=0x401, 0x4)
ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0106401, &(0x7f0000000240)={0xdd, &(0x7f0000000140)=""/221})
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000140))
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000280)={'TPROXY\x00'}, &(0x7f00000002c0)=0x1e)

04:16:02 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xa0010000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3046.084157] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3046.104020] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3046.119247] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3046.139912] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3046.148230] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3046.157275] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.165494] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.173841] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.182534] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:02 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8035000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3046.192124] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.200321] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3046.214575] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3046.222714] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3046.231593] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3046.239777] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3046.247005] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3046.254891] Interruptibility = 00000000  ActivityState = 00000000
[ 3046.261647] *** Host State ***
[ 3046.278457] RIP = 0xffffffff811f9ed3  RSP = 0xffff88016a80f390
[ 3046.287911] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3046.294342] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3046.308114] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3046.314559] CR0=0000000080050033 CR3=00000001a4328000 CR4=00000000001426e0
[ 3046.321769] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3046.328556] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3046.334623] *** Control State ***
[ 3046.338616] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3046.345282] EntryControls=0000d1ff ExitControls=002fefff
[ 3046.350787] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3046.357762] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3046.364423] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3046.371033]         reason=80000021 qualification=0000000000000000
[ 3046.377378] IDTVectoring: info=00000000 errcode=00000000
[ 3046.382823] TSC Offset = 0xfffff99e6ca4a269
[ 3046.387172] EPT pointer = 0x00000001c7ab301e
04:16:02 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:02 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x1, 0x0)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000000080)=0x3)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
socket$alg(0x26, 0x5, 0x0)

04:16:02 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x80f, 0x5)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:02 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x93710000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:02 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x81000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:02 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0xfffffffffffffffe)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x80000, 0x0)
recvfrom$llc(r1, &(0x7f0000000140)=""/12, 0xc, 0x1, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000080)='threaded\x00', 0x9)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:02 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x3f000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:02 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x14fa82ed1a0d60ec, 0x0)
close(r0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:02 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2000, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)

04:16:02 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3046.757281] *** Guest State ***
[ 3046.760617] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3046.772878] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3046.782115] CR3 = 0x0000000000002000
[ 3046.785908] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3046.792513] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3046.799170] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3046.805158] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3046.811621] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3046.818414] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3046.826396] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.834401] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.842576] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.850592] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.858597] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3046.866565] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3046.874728] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3046.882776] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3046.891032] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3046.899046] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3046.905468] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3046.912974] Interruptibility = 00000000  ActivityState = 00000000
[ 3046.919246] *** Host State ***
[ 3046.922451] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801814bf390
[ 3046.928495] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3046.934919] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3046.942777] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3046.950712] CR0=0000000080050033 CR3=0000000188a0d000 CR4=00000000001426f0
[ 3046.957791] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3046.964471] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3046.970557] *** Control State ***
[ 3046.974018] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3046.980742] EntryControls=0000d1ff ExitControls=002fefff
[ 3046.986206] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3046.993164] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3046.999885] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3047.006925]         reason=80000021 qualification=0000000000000000
[ 3047.013390] IDTVectoring: info=00000000 errcode=00000000
[ 3047.018888] TSC Offset = 0xfffff99e08d4820c
[ 3047.023220] EPT pointer = 0x00000001c824001e
04:16:03 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:03 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:03 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x4000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:03 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:03 executing program 5:
mmap(&(0x7f000037d000/0x13000)=nil, 0x13000, 0xfffffe, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
tee(r0, r1, 0xffffffffffffffff, 0x9)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3047.457217] *** Guest State ***
[ 3047.461888] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3047.473779] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3047.483053] CR3 = 0x0000000000002000
[ 3047.487174] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3047.493850] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:03 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xffffffffa0010000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:03 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x400002, 0x0)
r2 = getpgrp(0x0)
getpgrp(r2)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000240)={'nat\x00', 0x0, 0x4, 0xba, [], 0x4, &(0x7f0000000140)=[{}, {}, {}, {}], &(0x7f0000000180)=""/186}, &(0x7f00000002c0)=0x78)
ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f0000000080)=0x3)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000340), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
write$P9_RCREATE(r1, &(0x7f0000000100)={0x18, 0x73, 0x2, {{0x0, 0x0, 0x7}, 0x1}}, 0x18)
getpeername$packet(r1, &(0x7f00000003c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000440)={@local, r4}, 0x14)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3047.505787] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3047.513071] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3047.519797] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3047.526658] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3047.536132] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3047.571934] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3047.580526] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3047.589357] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3047.597759] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3047.605906] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3047.614033] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
04:16:03 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e22, 0xc944, @remote, 0x2}, @in={0x2, 0x4e22, @broadcast}], 0x3c)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:03 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x800e, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3047.622128] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3047.636808] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3047.654368] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:03 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
unshare(0x10000000)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:03 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf00000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3047.668438] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3047.688954] Interruptibility = 00000000  ActivityState = 00000000
[ 3047.712624] *** Host State ***
[ 3047.715879] RIP = 0xffffffff811f9ed3  RSP = 0xffff88011408f390
[ 3047.722560] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3047.730332] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3047.743719] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3047.751236] CR0=0000000080050033 CR3=0000000117626000 CR4=00000000001426f0
[ 3047.758808] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3047.765577] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
04:16:03 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xfffffffffffffffe})
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000040)={<r3=>0x0, 0x2}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000400)={r3, 0x9, 0x0, 0xda4, 0x0, 0x1f, 0x6d9e, 0x2, {r3, @in={{0x2, 0x4e23, @remote}}, 0xefea, 0x10001, 0xd4d, 0x4, 0x4}}, &(0x7f0000000140)=0xb0)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000003c0)=@assoc_id=<r4=>0x0, &(0x7f0000000380)=0x1)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000200)={r3, 0x1f, 0x2, 0x1, 0xfffffffffffffff9, 0x9, 0x3, 0x9, {r4, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xd}}}, 0x31c, 0x5, 0x0, 0x100, 0x11}}, &(0x7f00000002c0)=0xb0)

[ 3047.772137] *** Control State ***
[ 3047.775831] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3047.784028] EntryControls=0000d1ff ExitControls=002fefff
[ 3047.792678] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3047.800110] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3047.807482] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3047.814231]         reason=80000021 qualification=0000000000000000
[ 3047.820859] IDTVectoring: info=00000000 errcode=00000000
[ 3047.826314] TSC Offset = 0xfffff99da7ee3db6
[ 3047.831951] EPT pointer = 0x00000001cf17701e
04:16:04 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:04 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x200000000000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:04 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffa888, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3048.366381] *** Guest State ***
[ 3048.370380] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3048.379667] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3048.388669] CR3 = 0x0000000000002000
[ 3048.392424] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3048.399085] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3048.405620] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3048.413596] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3048.419642] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3048.426325] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3048.434392] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3048.442404] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3048.450469] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3048.459004] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:04 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0xf0ffffff00000000, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3048.467067] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3048.475196] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3048.483274] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3048.491362] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3048.499420] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3048.507486] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3048.513907] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3048.521407] Interruptibility = 00000000  ActivityState = 00000000
[ 3048.527712] *** Host State ***
[ 3048.530919] RIP = 0xffffffff811f9ed3  RSP = 0xffff88016a80f390
[ 3048.536940] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3048.543366] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3048.551202] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
04:16:04 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x5000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3048.568854] CR0=0000000080050033 CR3=00000001d59a1000 CR4=00000000001426f0
[ 3048.576073] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3048.585512] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3048.591631] *** Control State ***
[ 3048.595095] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3048.601816] EntryControls=0000d1ff ExitControls=002fefff
[ 3048.607371] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:04 executing program 4:
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xa, 0x3d, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x3})
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000100)={0x10001, 0xfffffffffffffffc, 0x2, 0x0, 0x0, [{r0, 0x0, 0xbfb9}, {r0, 0x0, 0x4}]})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3048.614313] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3048.621177] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3048.627811]         reason=80000021 qualification=0000000000000000
[ 3048.627819] IDTVectoring: info=00000000 errcode=00000000
[ 3048.627826] TSC Offset = 0xfffff99d272ca025
[ 3048.627835] EPT pointer = 0x00000001ada9701e
04:16:04 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x1a0ffffffff, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:04 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
socket$rds(0x15, 0x5, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
getsockopt$inet6_tcp_buf(r1, 0x6, 0x3d, &(0x7f0000000680)=""/4096, &(0x7f0000000040)=0x1000)

04:16:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000040}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:04 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x80000001})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000140))

04:16:05 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff91]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d0000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:05 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8100, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:05 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x8000a0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:05 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x8020000, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3049.267003] *** Guest State ***
[ 3049.270496] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3049.279434] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3049.300639] CR3 = 0x0000000000002000
[ 3049.304413] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:16:05 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa00, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3049.316445] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3049.327687] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3049.333738] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3049.346898] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3049.362992] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3049.376043] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3049.389013] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3049.397458] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3049.405848] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3049.414793] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3049.423453] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3049.431930] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3049.440318] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3049.448731] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3049.457146] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3049.463718] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3049.471593] Interruptibility = 00000000  ActivityState = 00000000
[ 3049.478247] *** Host State ***
[ 3049.481588] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801814bf390
[ 3049.488098] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3049.494652] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3049.503018] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3049.509422] CR0=0000000080050033 CR3=0000000186d2b000 CR4=00000000001426e0
[ 3049.516910] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3049.523731] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3049.530359] *** Control State ***
[ 3049.533942] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3049.541931] EntryControls=0000d1ff ExitControls=002fefff
[ 3049.547475] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3049.554483] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3049.561242] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3049.567850]         reason=80000021 qualification=0000000000000000
[ 3049.574167] IDTVectoring: info=00000000 errcode=00000000
[ 3049.579722] TSC Offset = 0xfffff99cb3045733
[ 3049.584053] EPT pointer = 0x000000018be3001e
[ 3050.317150] device bridge_slave_1 left promiscuous mode
[ 3050.322773] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3050.377315] device bridge_slave_0 left promiscuous mode
[ 3050.382800] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3051.341588] team0 (unregistering): Port device team_slave_1 removed
[ 3051.350440] team0 (unregistering): Port device team_slave_0 removed
[ 3051.360365] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 3051.399134] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 3051.448617] bond0 (unregistering): Released all slaves
04:16:08 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x88000, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000001840)={'bpq0\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000001880)={0x7, 0xe, &(0x7f0000000100)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x1e}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, @alu={0x7, 0x3, 0x6, 0x7, 0xd, 0xffffffffffffffff, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x3b}, @map={0x18, 0x0, 0x1, 0x0, r1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xf97}], &(0x7f0000000080)='syzkaller\x00', 0xb41f, 0x80, &(0x7f0000000180)=""/128, 0x0, 0x1, [], r2, 0xc}, 0x48)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:08 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:08 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:08 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:08 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x200000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:08 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fstat(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0xe8)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000440)={0x0, <r7=>0x0}, &(0x7f0000000480)=0xc)
lstat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
fstat(r1, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
r11 = getegid()
fstat(r1, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0})
stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0})
fsetxattr$system_posix_acl(r1, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000840)={{}, {0x1, 0x2}, [{0x2, 0x1, r3}, {0x2, 0x1, r4}, {0x2, 0x4, r5}, {0x2, 0x4, r6}, {0x2, 0x6, r7}], {0x4, 0x2}, [{0x8, 0x5, r8}, {0x8, 0x0, r9}, {0x8, 0x6, r10}, {0x8, 0x2, r11}, {0x8, 0x7, r12}, {0x8, 0x0, r13}], {0x10, 0x4}, {0x20, 0x1}}, 0x7c, 0x2)

[ 3052.350006] IPVS: ftp: loaded support on port[0] = 21
[ 3052.357002] *** Guest State ***
[ 3052.363324] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3052.373049] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3052.382414] CR3 = 0x0000000000002000
[ 3052.386316] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3052.393174] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:08 executing program 5:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x20000, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3052.400506] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3052.427357] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3052.433371] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
04:16:08 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:08 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x89060000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3052.445743] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3052.454903] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3052.463133] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3052.471398] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3052.479541] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3052.507883] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3052.515885] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3052.515905] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3052.515919] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3052.515937] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3052.515951] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3052.553588] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3052.562825] Interruptibility = 00000000  ActivityState = 00000000
[ 3052.569441] *** Host State ***
[ 3052.572947] RIP = 0xffffffff811f9ed3  RSP = 0xffff88012c9d7390
[ 3052.579783] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3052.586320] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3052.594732] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3052.601002] CR0=0000000080050033 CR3=000000018cdc3000 CR4=00000000001426e0
04:16:08 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8864, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:08 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3052.608957] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3052.616529] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3052.623129] *** Control State ***
[ 3052.639480] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3052.652921] EntryControls=0000d1ff ExitControls=002fefff
[ 3052.659092] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3052.664158] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3052.670752] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3052.679035] CPU: 0 PID: 10850 Comm: syz-executor5 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3052.681433] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3052.687558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3052.687565] Call Trace:
[ 3052.687593]  dump_stack+0x244/0x3ab
[ 3052.687619]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3052.687654]  handle_userfault.cold.32+0x47/0x62
[ 3052.694366]         reason=80000021 qualification=0000000000000000
[ 3052.703606]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3052.703635]  ? rb_erase_cached+0xc78/0x3720
[ 3052.703656]  ? userfaultfd_ctx_put+0x830/0x830
[ 3052.706316] IDTVectoring: info=00000000 errcode=00000000
[ 3052.709893]  ? find_lock_entry+0x2de/0x8e0
[ 3052.709919]  ? find_get_entry+0x1120/0x1120
[ 3052.716305] TSC Offset = 0xfffff99b0992d6a2
04:16:08 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3052.719777]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.719794]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.719811]  ? check_preemption_disabled+0x48/0x200
[ 3052.719833]  ? mark_held_locks+0x130/0x130
[ 3052.726251] EPT pointer = 0x00000001a8cc501e
[ 3052.730749]  ? perf_trace_lock+0x14d/0x7a0
[ 3052.730771]  ? lock_is_held_type+0x210/0x210
[ 3052.730789]  ? mark_held_locks+0x130/0x130
[ 3052.730811]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.739731]  ? check_preemption_disabled+0x48/0x200
[ 3052.739748]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.739763]  ? check_preemption_disabled+0x48/0x200
[ 3052.739790]  shmem_getpage_gfp+0x3723/0x4840
[ 3052.749465]  ? perf_trace_lock+0x14d/0x7a0
[ 3052.749500]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3052.749514]  ? __update_load_avg_se+0xae0/0xae0
[ 3052.749537]  ? update_load_avg+0x387/0x2470
[ 3052.787181]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.787206]  ? attach_entity_load_avg+0x860/0x860
[ 3052.795864]  ? mark_held_locks+0x130/0x130
[ 3052.816982]  ? update_load_avg+0x387/0x2470
[ 3052.816998]  ? lock_is_held_type+0x210/0x210
[ 3052.817012]  ? mark_held_locks+0x130/0x130
[ 3052.817035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.825713]  ? attach_entity_load_avg+0x860/0x860
[ 3052.825732]  ? debug_smp_processor_id+0x1c/0x20
[ 3052.825748]  ? perf_trace_lock+0x14d/0x7a0
[ 3052.825770]  ? __mutex_lock+0x85e/0x16f0
[ 3052.867515]  ? freezer_fork+0x1cc/0x600
[ 3052.867535]  ? mark_held_locks+0x130/0x130
[ 3052.867549]  ? lock_is_held_type+0x210/0x210
[ 3052.867565]  ? check_preemption_disabled+0x48/0x200
[ 3052.867584]  ? debug_smp_processor_id+0x1c/0x20
[ 3052.877977]  ? perf_trace_lock+0x14d/0x7a0
[ 3052.877999]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.878014]  ? check_preemption_disabled+0x48/0x200
[ 3052.878033]  ? debug_smp_processor_id+0x1c/0x20
[ 3052.932932]  ? perf_trace_lock+0x14d/0x7a0
[ 3052.932947]  ? cpuacct_charge+0x265/0x440
[ 3052.932970]  ? lock_downgrade+0x900/0x900
[ 3052.932990]  ? lock_is_held_type+0x210/0x210
[ 3052.941385]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3052.941403]  ? xas_start+0x23d/0x740
[ 3052.941425]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3052.964797]  ? xas_descend+0x201/0x510
[ 3052.968719]  ? xa_destroy+0x4d0/0x4d0
[ 3052.972534]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3052.977458]  ? task_numa_work+0xea0/0xea0
[ 3052.981605]  ? check_preemption_disabled+0x48/0x200
[ 3052.986619]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3052.992281]  ? active_load_balance_cpu_stop+0x12e0/0x12e0
[ 3052.997821]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3053.003358]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3053.008905]  ? xas_load+0x43/0x1e0
[ 3053.012460]  ? filemap_map_pages+0xd11/0x19b0
[ 3053.016975]  ? lock_downgrade+0x900/0x900
[ 3053.021231]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3053.026171]  ? set_next_entity+0xdc/0xc60
[ 3053.030331]  ? reweight_entity+0x10f0/0x10f0
[ 3053.034747]  ? update_load_avg+0x2470/0x2470
[ 3053.039247]  ? filemap_map_pages+0xd38/0x19b0
[ 3053.043755]  ? find_get_entries_tag+0x1400/0x1400
[ 3053.048595]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3053.054130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3053.059661]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 3053.065025]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 3053.070230]  ? perf_sched_cb_inc+0x350/0x350
[ 3053.074637]  shmem_fault+0x25f/0x960
[ 3053.078363]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3053.083670]  ? trace_hardirqs_on+0xbd/0x310
[ 3053.088014]  ? kasan_check_read+0x11/0x20
[ 3053.092176]  ? finish_task_switch+0x1f5/0x900
[ 3053.096819]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3053.101931]  ? compat_start_thread+0x80/0x80
[ 3053.106348]  __do_fault+0x100/0x6b0
[ 3053.109970]  ? _raw_spin_unlock_irq+0x60/0x80
[ 3053.114469]  ? finish_task_switch+0x1f5/0x900
[ 3053.118972]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3053.124062]  ? mark_held_locks+0x130/0x130
[ 3053.128287]  ? mark_held_locks+0x130/0x130
[ 3053.132523]  ? __switch_to_asm+0x34/0x70
[ 3053.136584]  ? __switch_to_asm+0x40/0x70
[ 3053.140672]  ? __switch_to_asm+0x34/0x70
[ 3053.144740]  ? __switch_to_asm+0x34/0x70
[ 3053.148785]  ? __switch_to_asm+0x40/0x70
[ 3053.152858]  ? __switch_to_asm+0x34/0x70
[ 3053.156916]  ? __switch_to_asm+0x40/0x70
[ 3053.160959]  ? __switch_to_asm+0x34/0x70
[ 3053.165010]  ? __switch_to_asm+0x40/0x70
[ 3053.169061]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3053.174584]  __handle_mm_fault+0x3d40/0x5a40
[ 3053.178987]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3053.183816]  ? lock_is_held_type+0x210/0x210
[ 3053.188212]  ? plist_check_head+0xea/0x150
[ 3053.192430]  ? plist_check_list+0xa0/0xa0
[ 3053.196587]  ? ring_buffer_record_is_on+0xe1/0x130
[ 3053.201512]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3053.205998]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3053.211354]  ? handle_mm_fault+0x42a/0xc70
[ 3053.215608]  ? lock_downgrade+0x900/0x900
[ 3053.219751]  ? __do_page_fault+0xa0e/0xd10
[ 3053.223981]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3053.228901]  ? unregister_trace_event+0x3c0/0x470
[ 3053.233743]  ? lock_release+0xa10/0xa10
[ 3053.237712]  ? __do_page_fault+0x567/0xd10
[ 3053.241939]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3053.247038]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3053.252566]  ? check_preemption_disabled+0x48/0x200
[ 3053.257573]  handle_mm_fault+0x54f/0xc70
[ 3053.261628]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3053.266199]  ? find_vma+0x34/0x190
[ 3053.269735]  __do_page_fault+0x567/0xd10
[ 3053.273801]  do_page_fault+0xed/0x7d1
[ 3053.277596]  ? vmalloc_sync_all+0x30/0x30
[ 3053.281737]  ? error_entry+0x76/0xd0
[ 3053.285440]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3053.290451]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3053.295286]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3053.300290]  ? lock_is_held_type+0x210/0x210
[ 3053.304714]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3053.309552]  page_fault+0x1e/0x30
[ 3053.313038] RIP: 0010:__get_user_4+0x21/0x30
[ 3053.317440] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3053.336334] RSP: 0018:ffff88011e2ff830 EFLAGS: 00010206
[ 3053.341711] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc90009eb6000
[ 3053.348981] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3053.356250] RBP: ffff88011e2ffb98 R08: 1ffff10023c5fee3 R09: 0000000000000000
[ 3053.363513] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff10023c5ff0e
[ 3053.370778] R13: ffff8801bf49f4c0 R14: 000000008040450a R15: 0000000000000000
[ 3053.378055]  ? __might_fault+0x1a3/0x1e0
[ 3053.382118]  ? evdev_do_ioctl+0x159d/0x2180
[ 3053.386439]  ? str_to_user+0x90/0x90
[ 3053.390150]  ? do_futex+0x249/0x26d0
[ 3053.393868]  ? kasan_check_read+0x11/0x20
[ 3053.398018]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3053.403292]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3053.408885]  ? check_preemption_disabled+0x48/0x200
[ 3053.413900]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3053.419436]  ? check_preemption_disabled+0x48/0x200
[ 3053.424453]  ? debug_smp_processor_id+0x1c/0x20
[ 3053.429123]  ? lock_is_held_type+0x210/0x210
[ 3053.433546]  ? __fget+0x4aa/0x740
[ 3053.436997]  ? lock_downgrade+0x900/0x900
[ 3053.441147]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3053.446076]  ? save_stack+0x43/0xd0
[ 3053.449742]  ? __fget+0x4d1/0x740
[ 3053.453282]  ? ksys_dup3+0x680/0x680
[ 3053.456998]  evdev_ioctl_handler+0x144/0x1a0
[ 3053.461408]  evdev_ioctl+0x27/0x30
[ 3053.464946]  ? evdev_ioctl_compat+0x30/0x30
[ 3053.469268]  do_vfs_ioctl+0x1de/0x1720
[ 3053.473157]  ? ioctl_preallocate+0x300/0x300
[ 3053.477561]  ? __fget_light+0x2e9/0x430
[ 3053.481537]  ? fget_raw+0x20/0x20
[ 3053.484994]  ? _copy_to_user+0xc8/0x110
[ 3053.488975]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3053.494510]  ? put_timespec64+0x10f/0x1b0
[ 3053.498661]  ? nsecs_to_jiffies+0x30/0x30
[ 3053.502811]  ? security_file_ioctl+0x94/0xc0
[ 3053.507222]  ksys_ioctl+0xa9/0xd0
[ 3053.510675]  __x64_sys_ioctl+0x73/0xb0
[ 3053.514585]  do_syscall_64+0x1b9/0x820
[ 3053.518472]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3053.523834]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3053.528763]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3053.533778]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3053.538795]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 3053.545459]  ? __switch_to_asm+0x40/0x70
[ 3053.549519]  ? __switch_to_asm+0x34/0x70
[ 3053.553585]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3053.558437]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3053.563631] RIP: 0033:0x457519
[ 3053.566820] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3053.585787] RSP: 002b:00007fa8b9a42c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3053.593499] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3053.600776] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000006
[ 3053.608041] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 3053.615357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8b9a436d4
[ 3053.622623] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3053.974561] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3053.981172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3053.988276] device bridge_slave_0 entered promiscuous mode
[ 3054.010900] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3054.017332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3054.024134] device bridge_slave_1 entered promiscuous mode
[ 3054.046289] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 3054.070212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 3054.133594] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 3054.158393] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 3054.252869] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 3054.260295] team0: Port device team_slave_0 added
[ 3054.281529] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 3054.288914] team0: Port device team_slave_1 added
[ 3054.311044] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3054.334318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3054.358204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3054.382961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3054.583493] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3054.589876] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3054.596595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3054.602982] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3055.334239] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3055.407504] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 3055.477895] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 3055.484015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3055.491218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3055.561686] 8021q: adding VLAN 0 to HW filter on device team0
04:16:12 executing program 5:
r0 = dup(0xffffffffffffff9c)
openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.memory_migrate\x00', 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
ioctl$TIOCNOTTY(r1, 0x5422)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x200000000000, 0x1ffff)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

04:16:12 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0010000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:12 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:12 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:12 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x30, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:12 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
io_setup(0xfffffffffffffffe, &(0x7f00000001c0)=<r1=>0x0)
clock_gettime(0x0, &(0x7f0000000240)={<r2=>0x0, <r3=>0x0})
io_pgetevents(r1, 0x6, 0x2, &(0x7f0000000200)=[{}, {}], &(0x7f0000000280)={r2, r3+10000000}, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x40, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000140)={&(0x7f0000000100)=[0x62d, 0x5, 0x8000, 0x6, 0x5], 0x5, 0x3, 0x469, 0x8, 0x0, 0xffff, {0x2, 0x4, 0x8001, 0x4, 0xff, 0x800, 0x10000, 0x2, 0x100000001, 0x1ae, 0x8001, 0x5, 0x40, 0x0, "c22246efd356192b2dbf25b440fe2b08a4f8bc3034c4889b38181035962114ca"}})
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000040)={{&(0x7f00001c5000/0x1000)=nil, 0x1000}, 0x1})

04:16:12 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r1, &(0x7f00000003c0)=[{{&(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x3, 0x4, 0x1, 0x1, {0xa, 0x4e23, 0x5bb, @empty, 0x1f}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000180)="7df3f2a50a02fb8378b235f92a82fc220643769f776f733316580bed5a8b8de956b7eb201a37ad89130144f1c0f97eb6f5403e7da09b33ab1dda63cdbefdaaa0c9d88107448dc7787173920bf03037d0160a219962c7bc6e2de956e2e436542cf11741cd66d562d687b6f0b27e0a360a99f97faa49c5ae08ab6f303d9b9ca1e6a3511fd8a0f8b748e46f79f64ae1e1bf98a1ab8132fb5a779d2a4c6e46d532b6ad0689854840b2d958c18cc23a1c61147164d956dad6292a50ef3c11a47e1d6c52bfd029f31ddc74", 0xc8}, {&(0x7f0000000280)="2fe886f6b275bff35bdf07d10c927826ff59c347fbc3381ff79384d5980d999d91df1d0e470528a5e9cac72187", 0x2d}, {&(0x7f00000002c0)="5798c879ec4b69934782c5fcd125a48edba70cd299ef2f21b6988868ceddfb09274095a336638806aa", 0x29}, {&(0x7f0000000300)="1e7c69a60aa7ed52bf91a7d12e697203a61edbfc83b0f118b948cf3f7e4f41e81b5bb3eb931041eb47b89cdc4ad544a2ff8ee4e54a76a571cf87a2b4f7852d89212be31d172f6feb4b989ce892c7d405c4110e811f0b1cd0004f8e05cef3ec28ad73465aa5518579e1465c549458b8c7086b9af8bef1f5ff706348", 0x7b}], 0x4, 0x0, 0x0, 0x1}, 0x7}], 0x1, 0x4000080)
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
fremovexattr(r2, &(0x7f0000000400)=@random={'user.', '\x00'})
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

[ 3057.000778] *** Guest State ***
[ 3057.010200] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3057.019211] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3057.028689] CR3 = 0x0000000000002000
[ 3057.032455] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3057.039258] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:12 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3057.045840] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3057.052601] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3057.060627] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3057.075025] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3057.083365] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.092059] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.100313] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.108460] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.116437] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.124458] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3057.132595] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3057.140621] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3057.148656] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.156809] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3057.163225] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3057.170803] Interruptibility = 00000000  ActivityState = 00000000
[ 3057.177100] *** Host State ***
[ 3057.180306] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801240bf390
[ 3057.186294] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3057.192775] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3057.200631] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3057.206562] CR0=0000000080050033 CR3=000000011ee98000 CR4=00000000001426f0
[ 3057.214033] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3057.220783] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3057.226895] *** Control State ***
[ 3057.230358] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3057.237055] EntryControls=0000d1ff ExitControls=002fefff
[ 3057.242526] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:13 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:13 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3057.249523] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3057.256205] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3057.262836]         reason=80000021 qualification=0000000000000000
[ 3057.269199] IDTVectoring: info=00000000 errcode=00000000
[ 3057.274656] TSC Offset = 0xfffff9988b1abf09
[ 3057.279012] EPT pointer = 0x000000018b90601e
04:16:13 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8060000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3057.356368] *** Guest State ***
[ 3057.360090] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3057.371731] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3057.381180] CR3 = 0x0000000000000000
[ 3057.384948] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3057.391003] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3057.397057] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3057.403756] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.411869] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.420020] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.428082] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.436142] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.444179] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:13 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3057.452278] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3057.460436] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.468490] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3057.476481] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.485217] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3057.491933] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3057.499815] Interruptibility = 00000000  ActivityState = 00000000
[ 3057.506365] *** Host State ***
[ 3057.510064] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801240bf390
[ 3057.516167] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3057.522682] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3057.530666] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3057.536582] CR0=0000000080050033 CR3=0000000197ec8000 CR4=00000000001426f0
[ 3057.543650] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3057.550360] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3057.556425] *** Control State ***
[ 3057.559914] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3057.566590] EntryControls=0000d1ff ExitControls=002fefff
[ 3057.572101] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3057.579075] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3057.585754] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3057.592381]         reason=80000021 qualification=0000000000000000
[ 3057.598776] IDTVectoring: info=00000000 errcode=00000000
04:16:13 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3057.604235] TSC Offset = 0xfffff9985919002d
[ 3057.608590] EPT pointer = 0x000000011c73101e
[ 3057.686989] *** Guest State ***
[ 3057.690447] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3057.716822] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3057.727412] CR3 = 0x0000000000002000
[ 3057.731244] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3057.737905] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3057.737914] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3057.737931] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3057.759460] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3057.766327] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3057.774744] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:13 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12ae3b337a020000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:13 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf5ffffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:13 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3057.782817] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.790997] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.800739] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.811751] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3057.820936] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3057.831055] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3057.839340] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3057.847404] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3057.855524] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3057.869826] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3057.877989] Interruptibility = 00000000  ActivityState = 00000000
[ 3057.884237] *** Host State ***
04:16:13 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socketpair(0x7, 0x6, 0x1000000000000000, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000140)={0x0, 0x2, 0x4, 0x8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x80000, 0x0)
ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000080))
fstat(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$FUSE_ATTR(r1, &(0x7f00000002c0)={0x78, 0x0, 0x6, {0x9, 0x7fff, 0x0, {0x2, 0x3d1f, 0x2, 0x3, 0x8, 0x100000000, 0x0, 0x4, 0x5, 0x7, 0xffffffffffffffff, r3, r4, 0x9, 0x7}}}, 0x78)
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000013000))
ioctl$TIOCGPTPEER(r1, 0x5441, 0x7ff)

[ 3057.887660] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010b047390
[ 3057.893689] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3057.900186] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3057.908295] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3057.919373] CR0=0000000080050033 CR3=0000000197ec8000 CR4=00000000001426f0
04:16:13 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3057.931489] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3057.946033] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3057.963588] *** Control State ***
[ 3057.967962] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3057.974736] EntryControls=0000d1ff ExitControls=002fefff
[ 3057.980327] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:13 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x80000, &(0x7f0000000100)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1c100, 0x0)
ioctl$KDDELIO(r1, 0x4b35, 0x1)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:13 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
timer_create(0x7, &(0x7f00000002c0)={0x0, 0x19, 0x5}, &(0x7f0000000300)=<r2=>0x0)
timer_gettime(r2, &(0x7f0000000340))
r3 = accept4(r1, 0x0, &(0x7f0000000040), 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00')
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r4, 0x84, 0x74, &(0x7f0000000200)=""/129, &(0x7f00000000c0)=0x81)
sendfile(r3, r4, &(0x7f0000000080)=0xf, 0x7ffff00e)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000013000))

04:16:13 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3057.989394] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3057.996458] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3058.003284]         reason=80000021 qualification=0000000000000000
[ 3058.016225] IDTVectoring: info=00000000 errcode=00000000
[ 3058.021847] TSC Offset = 0xfffff9982c0364f1
[ 3058.026257] EPT pointer = 0x00000001bb1a401e
04:16:13 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x30000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:14 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3058.176949] *** Guest State ***
[ 3058.180449] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3058.189495] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3058.199096] CR3 = 0x0000000000002000
[ 3058.203255] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3058.209958] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3058.216888] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3058.224553] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3058.230877] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3058.237764] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3058.245823] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.254788] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.262838] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.270857] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.278928] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.286964] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3058.294951] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3058.303055] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3058.311092] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3058.319941] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:14 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3058.326372] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3058.333914] Interruptibility = 00000000  ActivityState = 00000000
[ 3058.340810] *** Host State ***
[ 3058.344041] RIP = 0xffffffff811f9ed3  RSP = 0xffff880128bff390
[ 3058.350132] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3058.356579] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
04:16:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffffffa0010000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3058.373992] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3058.381954] CR0=0000000080050033 CR3=00000001b04fc000 CR4=00000000001426f0
[ 3058.389492] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3058.396184] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3058.396190] *** Control State ***
[ 3058.396200] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3058.396208] EntryControls=0000d1ff ExitControls=002fefff
[ 3058.396222] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3058.396231] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3058.396240] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3058.396249]         reason=80000021 qualification=0000000000000000
[ 3058.396262] IDTVectoring: info=00000000 errcode=00000000
[ 3058.450125] TSC Offset = 0xfffff997ec87511b
[ 3058.454453] EPT pointer = 0x00000001c903d01e
04:16:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:14 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:14 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa0008000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3058.716924] *** Guest State ***
[ 3058.720256] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3058.729202] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3058.738434] CR3 = 0x0000000000002000
[ 3058.744914] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3058.751545] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3058.758156] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:14 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3058.764240] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3058.770254] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3058.776976] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3058.784933] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.796774] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.806234] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.814569] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.822862] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3058.831092] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3058.839285] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3058.854174] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:16:14 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x401c, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r2 = fcntl$dupfd(r0, 0x0, 0xffffffffffffff9c)
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000040)=0x10000, 0x4)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000140), 0x4)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3058.864028] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3058.872082] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3058.878730] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3058.886186] Interruptibility = 00000000  ActivityState = 00000000
[ 3058.913305] *** Host State ***
[ 3058.916549] RIP = 0xffffffff811f9ed3  RSP = 0xffff880128bff390
[ 3058.923017] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3058.929906] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3058.937833] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3058.943738] CR0=0000000080050033 CR3=000000018cdaa000 CR4=00000000001426f0
[ 3058.951172] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
04:16:14 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:14 executing program 4:
r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8000, 0x8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x4, 0x31, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
get_mempolicy(&(0x7f0000000040), &(0x7f0000000080), 0x7, &(0x7f0000531000/0x1000)=nil, 0x5)

04:16:14 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8848000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3058.957897] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3058.964000] *** Control State ***
[ 3058.976774] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3058.983453] EntryControls=0000d1ff ExitControls=002fefff
[ 3059.002115] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:14 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3059.020535] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3059.034240] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3059.052301]         reason=80000021 qualification=0000000000000000
[ 3059.059713] IDTVectoring: info=00000000 errcode=00000000
[ 3059.066223] TSC Offset = 0xfffff997a193fdc7
04:16:14 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
sendmsg$unix(r2, &(0x7f00000002c0)={&(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000100)="812625f31a3940ae7a318abec5340070101cfbc8c9360769f953b100046286a07436195a1697d3c2c6132bb0b54d8db536053c9d854c5552d7aaf7fba3ff605952e9fa48239c6de77de046d94a2cf89b151b215e853acc7d7b15c48a037c2b2421a7ecab33770dd9e4772372972304348e07434622d174391226e4340d741d4ada114ea4461f3046bce54954b220dcec225ead53793557b27fe5022ccfedceb0384ca447123b7c6fa07a96873b6e5313ec801d3eb4d5424ac4507b6f4326c31f9459832de4954de29336cc2b0447da91142744ae46871d71015896c647e638", 0xdf}, {&(0x7f0000000200)="3fed2705d016b3cd246135e396df184c85c058f4c58d0d149b7bb06f194175dcc1d4df77677c524d96d5d3b825d7a912df2653802ed73f76a140577c", 0x3c}, {&(0x7f0000000680)="979c1fe8c33e3d307b23b9d877f5ba3efb1319c2725ebccdb0baa659ce7c3af2213f277b1f0bddd73b8ca30c0e918e4ac9f0e91bab35115eddd758ff6b14d737e976267e75256b514030725fe96b9dc7a83420d9e4d0bd9e9b1563bc21298d14f76c7f0008e7704773f944bcf2791af3974f886536b4bceeb146353bb7b8b8300d12aab64dd792182526653ef7c5ecee6163aba1a263d9ddd1bae3ae82968878ef7762c9bfadf3a3acbb4aaab03ed778e17b574bbcf4b62cf89bd94d8d8d855ae7ce6229ed31e0627780756f624c474f310a890e602acffb69afd717d8c3eb53517d5db544cf04ab919669b5bd575a9c8d63164f0d0d390f0b782f36dddbd297f6aeae5b222bc6ebaf6850baa56e842faf6888c4d0b7e6ad51b2db471297850fca8f7f4317666222b23f15f5f2750ef4352ea62b01beefb143ef253fa8ee12b46fbc0b235b59b042e99b9d8c00dc24f433b23f5c86de1ebf024034d4e68ae0d3e1024bb8aca796d0c94bcbb14ad65f925095f1cc565abf1a3f6f9d431d4ccb03eedf7225d21d319d348b91613352ced4516c98e582cb52a8dcaf2ae16a1be793db0c9723ae7b485100445107b2b72590bc359a333df9c01988e0c9bec7fa18e8c785c2777c03b09b754d4dfa2979b0e4073a479780a0b1c665a350633d128493f3781dc58bd0cb4991f0ea456becb06b70903233f88e93552600da8f78dcebb41fbb48ac9cefa06fdb367d76106ff0f9dca5f53578942d1f8275af36f3b583c06f9c8f8d95e66ab4d1b2e7bedef1afd2958ae77309a57376bd2def840f33eaeab5090e1e937e113c4718c2de6480982493960f8b51329926e429f3191bdf70bc90539a029bc30f9ae3bb18abcaa0c8dce7fac5be166975478b70a59a2d85c981d2781111d73431fba7e27cabd4ac9694f3d7fb1e5ae47c0e748d8bfc750b8ab74a78ea0d0aee1d93d84f0f134d08e38fc8fbe67bf36c19e367640173303fcc1dfc3b36a21bad403313cc9dbb38e1edaf384febf92b38f162e2ab8804b2e2a9bef6b2f0956f13b8d7eccae248292901e6f69e1abf2865ae9c04759e6ddcf4649fe3d259f1e1eb323f1171ab8bcd5054cd30760705a0531b990ab4830b0496cad8c73fcee26759f6a49ff7e512833a05b4cbf9abf0b864e1d363a9cac082c944004ff3402b420e50050d26e3acdc6acf784ecb581b2bcc8d1cb5764fa0ba36178ed241f131b6181d488f34e49888a00e1f2418186bba8270604cbe032b4350b0936b663ddc24798b2786a065970f3b79feaf78a413cfc6e675eacc212499e7610650fefb56770b2666aa12198bd89affbe6a8ad571ec29ae1fd40c24f59d2edcc59213b393228a3ce32f32154b4a90d21db2ee078dfcdac87fa3b010bb0703e4dc8fab75be165dd525ed730cbc5780b6fb2a8e977361c1bb948717ac4c6410bdddf38ec2c83a70b6afe1567c5124028420d57e0596eba104ba20da307285e6391c52f2ed830851ef91e758aead84b47ad1120fd64e83181f5c48f05b222508cef82de8be37c183ae73c44eef36ac3235b490812638bad6637705e8b65c88c81eef339677f50acc3c695333ed5f0faa2ff434c8776ac5e437a0be3f6bd74e0b607ebcb4a5ad5224364213347de21df222451d53da478298f04855762475cbfa262e07bd973891e0032d8eacaa86a5310cf59c60894c8910320b909d2b356a49578f12048d7034fbc391dbedb8ee95660ac3bf57d1cafc97d2c753d5cc43d01411a495c3ffdfc12ed66f62205be5679e98d8b48ac9d0a2936b4ab2787082c8e2380173159ca2627e5593e4962af954489f86d8d909b53554541e13e3caad91f11f815c0b2020442cd51886be9668547396716b3eeb19bbf9b3d13c705d61902e73708303a546623bef0c272a38844c27efc59747a7e69c6f1fb2e963bbcb2a10d21986ea730723ec1575e8b17384acdd954e663a9b18482666471ed73ef2f5d983f73302abdfc3bc88d797a351ef1254c02c7768a45d1233f89aebdef400ab61f372385d7e1c55d39dfd6f382300df9b7275fa60d8c3041ffdb8a4dd4c64bcbdc0df378d914065a759c1407436b4d579697ba72a6f47f3a55c1050de18fb3e45f9752afd34f64387bf5968b96ddb7e4a13c01d3ad6cea6a8a3c03b8344f5cdc9a4e9d7afe141dbc9f9165ccc04491dc7a0a28b488689cb119e29a0088cc827300d32998b6d2c4072378450292e143d630ed16f64991dfb0cac78c897799e6c394f251de0fc0276911ea145492db5e247299dff1b7607071dd07723d3779c940a04e2535910e257531e010966b4e0cdaf31a7978c805fa828a6364f1924f96be5f9e84154bda36a38b74e9fcd85c2a770ab95070a512ef7e218d0c7f3c677f7e04cee1436a065e0c0a7bde8da14a033e11684f45f9539f2b94aa3e62695abc9fe8aa50b7255e390418950eb923d5c0fecb1f4a7aef857249c471800ab4c85c036f726304dd8c16c2ae76f44cdc135ee618b17c80445b68f33d014cf8d2e38d6a5781a7eb47268afaad5326de609ea27d9be404961fc6b520dd489b388016e927456b3a719b9bb848ea3791658f6212e31f4cd896b5669c312398a591d6cff294e08a4946e435b4bd17c0e98247de13c041103b0e7b09e96e2dcd11ab5cbf5971b489db39bbdd9855cb1b40d4dcccbe43490dcbc5c0f4536ab7132e4d31345d1ec308db3b8adc58b7d402df4e681786c015765262d6d799d1d09f4befd2e15f11ae02f99ac50b369e7ef3ffb0077129ee6a5e435bc1c3dd500739120a4a63fb105fa9d6e6867b925082e325559aa41895e4df0dfa78a9e0af688a7282a84323692e4e4f6528dbb13ad74dfbb529a5fd980626f8fd4aaeaf565c4d34e39cd6c97e1d3c47447209a892d31404df28e0ed3481a737b57787788ac627a0fba4ac6a7e7b8f5cedba16112abce14feea3cd6e7fcf0fedd1760ac61e09ef3582f54356728a71ecbbe6199f1826ca243c6f9eb4a3c0f26de6b3dea03ef91b792dd194aaae1ede9b392288c6890f8399d1efee9bc38bed4e5392488ea238651bc9916f4fcf2662968298850b76e2fc25b13e851a9e0bea0f14cd5a8d238f608c56e85eeb1bc2774462230e30bbcbf4f3debb2115c1bb8df4a10b457d1395e1212729c0c1da3c9f83e459f7490f4027cf7d58474efe3ac9229efc70fe1cc3f7e4c7952162783468f449d4bf4d6c2452774aded2ca2e128ebee4880859e2c7e3bd382c9923f266e77a52f3a8bab9d22acad63da004ead66c8230a801353d4d01766e29e570d5eed26e5d13a08b811fd4e0c4c1659b358db60a3c632c6fe5ac4cec04b6ffd0cdf23204bb6d9cdd64950e2c019644296f33f70221075f1cdc1973b2f72fecf91c2578ddb50d4ed94d921fe9d9cc740236921374aaffd7a993c1aacc29f8c915d13eb65ee9ef5a9178d9d9ca9b3bb4426f1bff095be934c62f1f988dfc813119fb284530e35a7217a4e468f2d4250c2f2c3bfd85cf7c1c6c5e78dd90409e1492da5b86b7b08e939b482ee6c60df3e8141ad8086554d8ad51f0126e6500b1b566120715f4ad6b4538d21fa3364cdf1bf177fe96dbcb216e812e0b60325a3c2de468311c1983efbea6d8d6c793b4a956879e50aa434c26c108c1e2e435153a28b05484bd4308bc4a61b82072571112428b55b4ecdce707044ff40b92578917f4cec973cd2b231824674733a7f215baa487d6f4fb3f5f6a0cf329b1c9f1c8d86fc246ab7b3b843aaff1efe02e42ebd80d217ab36d2e453c75c9af75331b8e8626e27dc5ef012ec11102668511896ff75748e4d11c97d4e4b568ab580f5ccfde9236ccd0f8aaef75884cfce933d4fd8b45d4dafd862be4c20aa100b06d86d468cfba3e0ac736a84832a56be212bf702f29e81eb7a9da5a090d45d3bd3aa0676d43a74a7d7e8afde9d42444fc482fa385cc5361fc063ab207f868b842abfa2eabca37b3ef42f90ed9522a4d12ff4efd7b51ff9fe635bd14c96cc23cc9f7fecd857b20c43de49e9d336fd048e9b2619d5c8926fb2db74c4f79aa5735a00539ec4274bacfcea936b1965470644682ed265bd222e14832b1a33b72072f2ae0d02eaeeea6eece6f4e32f824c6c5548c902f68ed4aa8a32dbbe3956fed3ef1668c6cc148e3005d11ca41f5b806e9745607dcf4216c7033d02b644b3106aea37126405fc8253b16e5d7f561c229fdb98410f30407f17ab3e329b23e82546660ac3af4da74520a53cb4b29239b483320aa3743487b064c517f72367ff1d66706ae3ca83944fb16d51683c9b49a761fad87d5ec1bbfa2b33986ca7432a00333dd8a34a0d49fc77ba72ce985341f9d5d2135702f2acae663b17502752b35b0932aa34fdd121e2c4b16ade64bb864b4f1238005e2a5a985f8cc9339774a956ff2a75eb31342c29b2e012264b794b28c76e8e652190833fca9569a74682027827bd488dd1954404a63fd61c6a161d24aede6cea58975368cf79911ab74f400e6a9b98991da582941df55f626682df7281da14887aeaf5cae97fd29f8c14645bc127bdbef2fd1c2ead04d6ef33388b2783a46a586d0e4e7af1a265635320254ebebc7ab4cf952d64eacf5ff67645230624484a38803020bef0567821077aefd3abd763c38cd7a3af8dc2b52ae334782585b88901e240f7229dc336ceb688f1d35de2f0a47b47e527c73bbe4663ffc7f9cfc77a277bfe6a97ab501d311ab8fe5205dbaa809e8fee4f8f13ae81d4aa7c0a192a5da137ef6fa3cd3f4f107ef58fe48722bd3e763265ce403675791135b6eda5c3ac6f238ef962487243be47caffd6acf22d314fdd33ff7ebfc5f994dba4a74957b1386587b53d03099ba76901e341f14e5d58c3af495fabaec37aeeee4d449d06c1b16fe537f146f869235a012853cd812db34ca136a1c6d4133eb9f25b6a9f29559024af204a43312ff123eb59fd1a32b26c425bf9bd67d7974893d56c92a306857caa5d6ad7ef1daa1e2fcd44f6f53bb1100595be50c3c2721c4063fb5d6bf138e193ceed6bb2cac46c6e9645e210bccaed06dfc24bd40b20b525d3aa91aff52400d5bbc7fcd3056e596a4b250e5fda8a2a7522438b3de704d0c4546d82840f7e1fb5253f5215a60ad1e9d3c7e27b840e2825cb3e20101fa78cabc89df0df5f9f1b00312d9102d8a21cbc3c35ea2b7d66f77d6d8a711dbb41dc1188c3d4a9c04a3023fc8c9a3b950fec4b4837aedaf48bae0986697aef6de8ff62ef4d3253294ebc821d47a8eb74e15aef97444c6e12f1f3e69b0fead2581fb59ca62af0c15ce74f44d0e10137307b59c0bc6a8328e8b7272668b4c68a194d9a07411008dc871d0a0395c4c837f8f24e98d3e4d72d3ca0a3222df287cc4e7f11a10f3fc5d00ac32bfbfb5fa8cf9662ff30a4bebc8528b02adeaffc9b6f89baf8a5fabec9877a1438fc5559b3ed396f74d64b21684d29aaf3950220b1cb33fce49f8d514957aa130a5a95e134e1b5090c4bb327195ae8d30af659d4cc14cad0ed0661f94c9b0485f1681deddce446ed5e149d9cfad3cf031a63e559f5ccc11e061b843605b1a5a4e2f6e70536c13aec5c950fdbc8b05341e8bf114c1bade916e397c75250d83796c29d782937b93f7e67f4f1d3d4551068c4efe8ec88df60eef38fa585e90f1b811581e0fe575c1516667f9c7dd7e2ef8d372c77cf5fc0fd2a10346463b3dad9201dafdba6b7cf26c0b69beb8201563adfe0b94cf56f76fa72e03de51781ddeeee0f89591e38803672da13ca620d47febe10cd319d267ce2d51b", 0x1000}, {&(0x7f0000000240)="5ee6dbb9d4dafefa3fcc9f7adde3ff", 0xf}], 0x4, 0x0, 0x0, 0x48040}, 0x81)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3059.071078] EPT pointer = 0x00000001d7e0b01e
04:16:15 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000100)=0x8)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x40, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800008000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:15 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:15 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:15 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x500, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3059.518433] *** Guest State ***
[ 3059.521724] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3059.531758] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3059.540785] CR3 = 0x0000000000002000
[ 3059.544532] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3059.551213] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3059.557773] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3059.563754] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3059.569832] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3059.569846] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3059.569865] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.592659] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.600722] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.608737] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.608757] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.608771] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3059.608789] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3059.608802] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3059.649011] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3059.657026] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:15 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3059.663429] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3059.673860] Interruptibility = 00000000  ActivityState = 00000000
[ 3059.685866] *** Host State ***
[ 3059.689852] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a8cef390
[ 3059.695994] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3059.702819] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3059.711032] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
04:16:15 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x600, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3059.726358] CR0=0000000080050033 CR3=00000001c1274000 CR4=00000000001426f0
[ 3059.733554] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3059.754315] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3059.760960] *** Control State ***
[ 3059.765350] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
04:16:15 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3059.772194] EntryControls=0000d1ff ExitControls=002fefff
[ 3059.778032] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3059.785040] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3059.791766] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3059.798466]         reason=80000021 qualification=0000000000000000
[ 3059.805401] IDTVectoring: info=00000000 errcode=00000000
[ 3059.811114] TSC Offset = 0xfffff9972e166f99
[ 3059.815465] EPT pointer = 0x00000001ce3eb01e
04:16:15 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3059.932450] *** Guest State ***
[ 3059.935739] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3059.944683] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3059.953761] CR3 = 0x0000000000002000
[ 3059.957626] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3059.964218] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3059.970788] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3059.977052] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3059.986800] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3059.993476] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3059.993496] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.993514] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.993531] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3059.993549] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3060.037663] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3060.046488] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3060.054954] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3060.063655] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3060.071725] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3060.079900] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3060.086311] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3060.098441] Interruptibility = 00000000  ActivityState = 00000000
[ 3060.104688] *** Host State ***
[ 3060.109919] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6727390
[ 3060.115930] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3060.122406] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3060.130229] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3060.136108] CR0=0000000080050033 CR3=00000001c3150000 CR4=00000000001426f0
[ 3060.143520] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3060.150222] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3060.156287] *** Control State ***
[ 3060.159800] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3060.166519] EntryControls=0000d1ff ExitControls=002fefff
[ 3060.172030] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3060.179033] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3060.185681] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3060.192282]         reason=80000021 qualification=0000000000000000
[ 3060.198629] IDTVectoring: info=00000000 errcode=00000000
[ 3060.204061] TSC Offset = 0xfffff996f54a4ead
[ 3060.208399] EPT pointer = 0x00000001d5b6501e
04:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8000a0ffffffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:18 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:18 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x6e18eb887e690ace)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = getegid()
fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000280)={{}, {0x1, 0x2}, [{0x2, 0x1, r3}], {0x4, 0x5}, [{0x8, 0x1, r4}, {0x8, 0x2, r5}], {0x10, 0x1}, {0x20, 0x4}}, 0x3c, 0x0)

04:16:18 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:18 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18020000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:18 executing program 5:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000240))

[ 3062.286878] *** Guest State ***
[ 3062.290364] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3062.299426] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3062.319599] CR3 = 0x0000000000002000
[ 3062.323992] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
04:16:18 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000040)='&selinux\'em0[(keyring##em0posix_acl_accessvboxnet1-cpuset\x00', 0x1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080), &(0x7f0000000100)=0x14)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3062.344482] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3062.353072] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3062.359403] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3062.365421] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3062.365435] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3062.365454] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x6000000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3062.365472] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3062.400725] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3062.416405] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3062.425986] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3062.434117] GDTR:                           limit=0x000007ff, base=0x0000000000001000
04:16:18 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x200, 0x0)
r1 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x2, 0x100)
ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r3 = dup(r0)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000000)=0x5e1, 0x4)

[ 3062.450169] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3062.459357] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3062.467507] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:18 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
readahead(r0, 0xfffffffffffffffe, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3062.514181] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3062.529395] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3062.545259] Interruptibility = 00000000  ActivityState = 00000000
[ 3062.558423] *** Host State ***
[ 3062.561846] RIP = 0xffffffff811f9ed3  RSP = 0xffff880173a17390
[ 3062.568586] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3062.575576] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3062.583912] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3062.589927] CR0=0000000080050033 CR3=00000001bd1d7000 CR4=00000000001426f0
[ 3062.597123] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3062.603795] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3062.609911] *** Control State ***
[ 3062.613367] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3062.620049] EntryControls=0000d1ff ExitControls=002fefff
[ 3062.625524] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3062.632497] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3062.639192] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3062.645754]         reason=80000021 qualification=0000000000000000
[ 3062.652091] IDTVectoring: info=00000000 errcode=00000000
[ 3062.657589] TSC Offset = 0xfffff995b67f0eaf
04:16:18 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3062.661944] EPT pointer = 0x00000001a672f01e
04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3062.722263] *** Guest State ***
[ 3062.725671] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3062.735104] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3062.744092] CR3 = 0x0000000000000000
[ 3062.747916] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3062.753992] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3062.760053] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
04:16:18 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3062.767077] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.777189] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.785174] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.793203] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.801443] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.809468] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.809486] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3062.825454] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.833590] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3062.841614] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3062.849778] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3062.856207] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3062.856218] Interruptibility = 00000000  ActivityState = 00000000
[ 3062.856222] *** Host State ***
[ 3062.856234] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a2917390
[ 3062.856257] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3062.856273] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3062.893401] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3062.899327] CR0=0000000080050033 CR3=00000001bd1d7000 CR4=00000000001426f0
[ 3062.906349] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3062.920647] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3062.929177] *** Control State ***
[ 3062.932735] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3062.939494] EntryControls=0000d1ff ExitControls=002fefff
[ 3062.944983] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3062.952363] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3062.959191] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3062.965844]         reason=80000021 qualification=0000000000000000
[ 3062.972439] IDTVectoring: info=00000000 errcode=00000000
[ 3062.977949] TSC Offset = 0xfffff995774718be
[ 3062.982278] EPT pointer = 0x00000001a553d01e
04:16:18 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:18 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000001}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:18 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3063.070547] *** Guest State ***
[ 3063.073830] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3063.082925] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3063.091878] CR3 = 0x0000000000002000
[ 3063.096010] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3063.104423] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3063.113064] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3063.119154] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3063.119170] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3063.119183] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3063.119202] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3063.119220] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3063.119237] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:19 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xfffffffffffff000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3063.119255] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3063.119274] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3063.119289] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3063.132007] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3063.196462] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3063.204618] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3063.212714] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3063.219259] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3063.227018] Interruptibility = 00000000  ActivityState = 00000000
[ 3063.233482] *** Host State ***
[ 3063.241988] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a2917390
[ 3063.249840] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3063.256324] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3063.264260] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3063.270230] CR0=0000000080050033 CR3=00000001d8a9f000 CR4=00000000001426f0
[ 3063.277280] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3063.283945] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3063.290449] *** Control State ***
[ 3063.294075] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3063.300833] EntryControls=0000d1ff ExitControls=002fefff
[ 3063.306314] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3063.313462] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
04:16:19 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3063.320587] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3063.327537]         reason=80000021 qualification=0000000000000000
[ 3063.334053] IDTVectoring: info=00000000 errcode=00000000
[ 3063.339572] TSC Offset = 0xfffff99546c3acc2
[ 3063.343920] EPT pointer = 0x000000011faf001e
04:16:21 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000100)="7781318693cfe1d5aa9843f0919feb0f803eba24692e4d02e0af32d456f83c95d85b0e38469e03df3d8ec485591939821ef307d35f1843ebec58be4ab87dd419d62f190b020f77c8824387a65e4e88f33af1a954514834b614ffc2b53c595301ee2e0296bbbabda816d57e331051d1dc394215cb841d9feee129de56fb5779d35e52277c759beb65daf6dcad60f61fbb17a38aea40f2472aafe66e54f827d25664d71bec48ac396950e3cb782c93a6c261b1ab46d25ad8c8d97bb87d8044bee0c6cc8cb582360f8f4e4f1145b07f87982e66ca42560b5809e689421356fff98737ca0c2179d915dec37fd3bff40bb3813dabbdeb753e2925a2cc500ed5a31f1a")
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:21 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x4888, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:21 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
signalfd4(r0, &(0x7f0000000200)={0x8}, 0x8, 0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2200, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r3, 0x0, 0x61, &(0x7f0000000100)={'filter\x00', 0x8f, "1c2ae63c93befc67d8c186fcde3f0c6f6295da6eb26da38154bc3aa2cd4669ebf9985c61da6fb59fa516bbeb1ea56fa92a0018a80405e217dd0920417764f67bebe9d4b32775ce1c7df4c2dab13330431b94800b5ce65243f3f9746a24598e43dee0961239ddc41fbf1c61471b8d60f84db8307b682a6007309315c774ddd0f6c24b6fd20361e1770f8dbcce913a36"}, &(0x7f00000001c0)=0xb3)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:21 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:21 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3065.677157] *** Guest State ***
[ 3065.680606] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3065.689615] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3065.698611] CR3 = 0x0000000000002000
[ 3065.702506] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3065.709156] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3065.715716] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:21 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3065.727313] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3065.739120] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3065.746224] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3065.754542] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3065.763019] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:21 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x20000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3065.771327] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3065.779442] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3065.787574] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3065.795557] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3065.803908] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3065.811967] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3065.819995] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3065.828341] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3065.834756] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3065.834767] Interruptibility = 00000000  ActivityState = 00000000
[ 3065.834772] *** Host State ***
[ 3065.834785] RIP = 0xffffffff811f9ed3  RSP = 0xffff88017bf7f390
[ 3065.834808] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3065.834821] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3065.834835] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3065.875765] CR0=0000000080050033 CR3=00000001c3883000 CR4=00000000001426f0
[ 3065.886718] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3065.893398] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3065.899525] *** Control State ***
[ 3065.903052] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3065.911196] EntryControls=0000d1ff ExitControls=002fefff
[ 3065.916728] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:21 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3065.923655] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3065.930845] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3065.937592]         reason=80000021 qualification=0000000000000000
[ 3065.944278] IDTVectoring: info=00000000 errcode=00000000
[ 3065.950379] TSC Offset = 0xfffff993e6ff9b65
[ 3065.954822] EPT pointer = 0x000000010246601e
[ 3066.014026] *** Guest State ***
[ 3066.017382] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3066.026218] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3066.035911] CR3 = 0x0000000000002000
[ 3066.039827] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3066.046323] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3066.052840] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:21 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:21 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x11, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3066.069709] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3066.076083] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3066.094648] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3066.102889] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.111306] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.123336] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.132224] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.140999] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.151333] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3066.159388] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3066.167478] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3066.175549] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3066.183575] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3066.190127] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3066.197639] Interruptibility = 00000000  ActivityState = 00000000
[ 3066.203875] *** Host State ***
[ 3066.207123] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010b047390
[ 3066.213097] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3066.219570] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3066.227380] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3066.233264] CR0=0000000080050033 CR3=00000001c743a000 CR4=00000000001426e0
[ 3066.240324] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3066.247474] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3066.253539] *** Control State ***
[ 3066.257084] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3066.263753] EntryControls=0000d1ff ExitControls=002fefff
[ 3066.269619] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3066.276593] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3066.283313] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3066.289946]         reason=80000021 qualification=0000000000000000
[ 3066.296249] IDTVectoring: info=00000000 errcode=00000000
[ 3066.301721] TSC Offset = 0xfffff993b3b1ca23
[ 3066.306041] EPT pointer = 0x000000010ae3101e
04:16:22 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000600), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xe, 0x24, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d03010000000000950000000000000071260000000000006706000002000000bf25000000000000620500000e0000007365000000000000bf540000000000000704000004faff003d4301000000000095000000000000005d54090000000000bf250000000000000f65000000000000070500000e000000bf5400000000000007040000040000003d4301000000000095000000000000006154000000000000bf00000000000000070500000e0000001f6500000000000007050000040000000f65000000000000bf5400000000000007040000040000003d3201000000000095000000000000004d54000000000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48)
nanosleep(&(0x7f0000000080)={0x77359400}, &(0x7f00000000c0))
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xfffffffffffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
acct(&(0x7f0000000340)='./file0\x00')
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000200))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:22 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:22 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1802000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xd00000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:22 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3066.686870] *** Guest State ***
[ 3066.690434] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
04:16:22 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3066.730962] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3066.742995] CR3 = 0x0000000000002000
[ 3066.756278] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3066.763232] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3066.769806] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3066.775801] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3066.781875] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3066.788582] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3066.796599] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.804652] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.812676] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.820715] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:22 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000de8000/0x3000)=nil, 0x3000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x2, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000100)=0x7, 0x4)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3066.828735] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3066.836761] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3066.844744] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3066.862575] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3066.870649] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:22 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88caffff00000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:22 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = request_key(&(0x7f0000000040)='.dead\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)="7c08fc3f", 0xfffffffffffffffb)
keyctl$assume_authority(0x10, r2)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3066.889184] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3066.895847] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3066.911568] Interruptibility = 00000000  ActivityState = 00000000
[ 3066.917948] *** Host State ***
[ 3066.921389] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801be657390
[ 3066.927785] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3066.934291] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3066.955298] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
04:16:22 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x8001, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000240), &(0x7f00000002c0)=0x60)
r2 = socket$inet6(0xa, 0x5, 0x2000)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r3 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7fff, 0x10000)
write$FUSE_WRITE(r3, &(0x7f0000000100)={0x18, 0x0, 0x8, {0xffff}}, 0x18)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000140), 0x4)
setsockopt$inet6_MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000180)={{0xa, 0x4e22, 0x811, @local, 0x8}, {0xa, 0x4e24, 0x7fffffff, @empty, 0x1}, 0x8, [0x20, 0xc355, 0x350, 0x0, 0x8fac, 0x4, 0x6]}, 0x5c)
ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000013000))

04:16:22 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3066.983740] CR0=0000000080050033 CR3=000000018b90f000 CR4=00000000001426e0
[ 3067.008276] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3067.015000] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3067.024022] *** Control State ***
04:16:22 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x14000, 0x0)
ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f00000004c0)={0x9f6, 0xfffffffffffffffc, 0x3ae6})
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000100)=ANY=[@ANYBLOB="7261770000000000000000000000000000000000000000000000000000000000090000000300000098020000f8000000f8000000f80000000000000000000000000200000002000000020000000200000002000003000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB="000000000000000000000000110000000000000000000000000000000000b242f6701e00000000000000000000000000b79196f6d9b159f37a82fed2ce75e7af402a82b744827ddadcd3f5966bc5fe3d77e892d0ca908cfbdf046d6c62ddcc4bf78a5d3064414491cf3524f575bf189d747e2a10c6cc2ba463ebe2ba"], @ANYBLOB="ac141416ac1414aa00000000000000ff64756d6d7930000000000000000000006c6f0000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600026000000000000000000000000000009800f8000000000000000000000000000000000000000000000000006000484d41524b0000000000000000000000000000000000000000000000000000000000000000000000ffffac1414aaff000000ffffffffffffffffffffffff4e224e244e234e2400000000090000000400000010ce00000000000000000000ac1414aa7f000001ffffffff00000000626f6e645f736c6176655f300000000076657468305f746f5f7465616d000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000002f0002400000000000000000000000000000c00008010000000000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000c000000000000004800435400000000000000000000000000000000000000000000000000000000010012b30300000000000000736e6d70000000000000000000000000000000000180ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x2f8)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rfkill\x00', 0x60100, 0x0)
ioctl$RTC_WIE_OFF(r5, 0x7010)

[ 3067.029416] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3067.036247] EntryControls=0000d1ff ExitControls=002fefff
[ 3067.042116] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3067.049459] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3067.057537] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3067.064132]         reason=80000021 qualification=0000000000000000
[ 3067.073980] IDTVectoring: info=00000000 errcode=00000000
04:16:22 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3067.083426] TSC Offset = 0xfffff99360cdfb46
[ 3067.087981] EPT pointer = 0x000000011772001e
[ 3067.140183] *** Guest State ***
[ 3067.143501] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3067.152396] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3067.161281] CR3 = 0x0000000000002000
[ 3067.165022] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3067.171583] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:23 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3067.188731] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3067.194745] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3067.206729] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3067.213410] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3067.221431] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3067.221449] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3067.221501] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3067.221518] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3067.221536] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3067.221547] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3067.221565] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3067.221577] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3067.221594] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.293719] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3067.300344] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3067.308866] Interruptibility = 00000000  ActivityState = 00000000
[ 3067.315775] *** Host State ***
[ 3067.319037] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c1717390
[ 3067.325016] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3067.331959] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3067.339822] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3067.345726] CR0=0000000080050033 CR3=0000000106815000 CR4=00000000001426e0
[ 3067.352786] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3067.359491] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3067.365539] *** Control State ***
[ 3067.369068] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3067.375744] EntryControls=0000d1ff ExitControls=002fefff
[ 3067.381239] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:23 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x1a0ffffffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3067.388188] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3067.395027] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3067.406850]         reason=80000021 qualification=0000000000000000
[ 3067.413745] IDTVectoring: info=00000000 errcode=00000000
[ 3067.426561] TSC Offset = 0xfffff99318d9e49b
[ 3067.431530] EPT pointer = 0x000000016043801e
04:16:23 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3067.498193] *** Guest State ***
[ 3067.506372] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3067.516074] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3067.525202] CR3 = 0x0000000000000000
[ 3067.529282] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3067.535263] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3067.541943] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3067.548960] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.557113] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.565162] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.573248] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.581293] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.589361] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:23 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3067.597385] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3067.605425] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.616823] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3067.627293] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3067.639839] EFER =     0x0000000000000000  PAT = 0x0007040600070406
04:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8847000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3067.646615] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3067.663709] Interruptibility = 00000000  ActivityState = 00000000
[ 3067.670706] *** Host State ***
[ 3067.673920] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801d3a77390
[ 3067.679963] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3067.686377] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3067.702414] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3067.708358] CR0=0000000080050033 CR3=0000000104513000 CR4=00000000001426f0
[ 3067.715373] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3067.722668] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3067.728822] *** Control State ***
[ 3067.732278] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3067.739020] EntryControls=0000d1ff ExitControls=002fefff
[ 3067.744489] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3067.751580] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3067.758285] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3067.764869]         reason=80000021 qualification=0000000000000000
[ 3067.771223] IDTVectoring: info=00000000 errcode=00000000
[ 3067.777228] TSC Offset = 0xfffff992e8f725e8
[ 3067.781923] EPT pointer = 0x00000001ce49501e
04:16:23 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:23 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:23 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = request_key(&(0x7f0000000040)='trusted\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000100)='cgroupppp0+\x00', 0xfffffffffffffffa)
keyctl$read(0xb, r1, &(0x7f0000000140)=""/59, 0x3b)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:23 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x101000002000002, 0x10003)
ioctl(r1, 0x8912, &(0x7f0000000080)="0009000000000200610000")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r3 = dup3(r2, r2, 0x80000)
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r1, &(0x7f0000000040)={0x8})
read$FUSE(r3, &(0x7f0000000680), 0x1000)

04:16:23 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2800000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:23 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0x6, 0x3, 0x8008, 0x4, 0x3, 0x1, 0x6, 0x7ff, <r2=>0x0}, &(0x7f0000000080)=0x20)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000440)={0x3, 0x3, 0x8000, 0x3, 0x7f, 0x8, 0x8, 0x2, r2}, 0x20)
ioctl(r1, 0x40, &(0x7f0000000400)="15366234c1939d488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
sendmsg(r1, &(0x7f00000003c0)={&(0x7f0000000100)=@nfc={0x27, 0x1, 0x2}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000180)="dd39a46c02d068efcde94ebd3d8f1d03f3b30c86e60c28fef39bb8fafeed09e5566907d042e68e0577255d2d0aaf74c33dd6c59bec2a6b019a0b56898fa8b7af9f064c7ab1501fcd3a3dd79d26e4ab7384a1f48489fece954636e5cfba6545a8cc727801f9bd67850cbadb88f0bd55472b1346fbe7ba82eee785e2bcd3d59aae0d55576fab4f6d1281", 0x89}, {&(0x7f0000000240)="8360fc969683ab10c3482352184ee51ff6ec057c0adbf82515a448b90f7d42b1261827664e1ecce85c58ca9f948c6aaed3d674ca51e43e6e39d0df8ef0890a62491fc82cb03ccb8e1dc0a3494d92f6c44f5933ec9b38cfc6ce0d3b6024389dfa9008326dd9069013a97e43ba27bb087038ed932ba497f5746a1d0a44cf46a81e6139544f58532054ac2d531f344f66289a1085b3", 0x94}, {&(0x7f0000000300)="4afecf9ff9c98328b3d9035a7548333553c7cd44be6ab969effc3fd36a38fdef630f6a557cc76737faed7b8b71cf2be6cbbf7262001eec9e336f2ce563a474167d6a79306f8c98991ec4fe31f44fc4372425da04febd65404e87b60c6516f37db2ef9fb3c38a104c1e56eaf1fdc9b77d9f70b7ff7a97e847e04614afe788f9ef8ab2047f29493dae84565ba3d2d6d232351ea3aa31bcea8062c2a9745e00cf13c38471749ea080f4ad76e31903307a3ef1", 0xb1}], 0x3, 0x0, 0x0, 0x1}, 0x20000000)
ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000013000))

[ 3068.012773] *** Guest State ***
[ 3068.016186] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3068.029153] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3068.039206] CR3 = 0x0000000000000000
[ 3068.065977] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3068.079718] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3068.085958] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3068.097935] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.106071] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.119035] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.128039] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.136058] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.144201] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.152241] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3068.160251] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.168676] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3068.176662] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3068.184692] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3068.191371] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3068.198881] Interruptibility = 00000000  ActivityState = 00000000
[ 3068.205108] *** Host State ***
[ 3068.208346] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018571f390
04:16:24 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:24 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x480002, 0x0)
mmap(&(0x7f00002a4000/0x2000)=nil, 0x2000, 0xa, 0x3f, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:24 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:24 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0xffffffffffffffff)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000040002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3068.214339] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3068.220777] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3068.228590] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3068.234461] CR0=0000000080050033 CR3=0000000109400000 CR4=00000000001426f0
[ 3068.241537] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3068.248273] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3068.254329] *** Control State ***
04:16:24 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3068.268083] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3068.275385] EntryControls=0000d1ff ExitControls=002fefff
[ 3068.281182] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3068.288351] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3068.295269] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3068.306845]         reason=80000021 qualification=0000000000000000
[ 3068.313422] IDTVectoring: info=00000000 errcode=00000000
04:16:24 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd01}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3068.321306] TSC Offset = 0xfffff992a7c2ab16
[ 3068.325880] EPT pointer = 0x000000010681501e
04:16:24 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = request_key(&(0x7f0000000140)='trusted\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)='/dev/input/event#\x00', 0xfffffffffffffff9)
add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x2001000000000000, 0xffffffffffffffff)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:24 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ppp\x00', 0x10000, 0x0)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000280)={0x2}, 0x4)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000001c0)={&(0x7f0000000180)='./file0\x00', 0x0, 0x18}, 0x10)
fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f0000000200)=0x3)
r2 = userfaultfd(0x0)
r3 = memfd_create(&(0x7f0000000040)="707070312d085e707070316e6f646576d925292600", 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000100)={0x6, 0x1, 0x10000, 0xffffffff, &(0x7f0000000080)=[{}]})
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
fstatfs(r2, &(0x7f00000002c0)=""/61)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

04:16:24 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3068.467087] *** Guest State ***
[ 3068.470515] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3068.479947] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3068.489080] CR3 = 0x0000000000002000
[ 3068.492890] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3068.499459] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3068.505976] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3068.512165] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3068.516737] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3068.522718] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3068.529499] CPU: 0 PID: 11675 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3068.537998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3068.547350] Call Trace:
[ 3068.549950]  dump_stack+0x244/0x3ab
[ 3068.553623]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3068.558846]  handle_userfault.cold.32+0x47/0x62
[ 3068.563552]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3068.568156]  ? userfaultfd_ctx_put+0x830/0x830
[ 3068.572758]  ? rb_erase_cached+0xc78/0x3720
[ 3068.577084]  ? rb_next+0x140/0x140
[ 3068.580661]  ? find_lock_entry+0x2de/0x8e0
[ 3068.584900]  ? find_get_entry+0x1120/0x1120
[ 3068.589227]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.594764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.600323]  ? check_preemption_disabled+0x48/0x200
[ 3068.605344]  ? mark_held_locks+0x130/0x130
[ 3068.609576]  ? perf_trace_lock+0x14d/0x7a0
[ 3068.613816]  ? lock_is_held_type+0x210/0x210
[ 3068.618258]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3068.623627]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.629166]  ? __update_load_avg_se+0xae0/0xae0
[ 3068.633836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.639374]  ? check_preemption_disabled+0x48/0x200
[ 3068.644402]  shmem_getpage_gfp+0x3723/0x4840
[ 3068.648830]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3068.653932]  ? update_load_avg+0x387/0x2470
[ 3068.658264]  ? attach_entity_load_avg+0x860/0x860
[ 3068.663115]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3068.668482]  ? check_preemption_disabled+0x48/0x200
[ 3068.673506]  ? __update_load_avg_se+0xae0/0xae0
[ 3068.678175]  ? debug_smp_processor_id+0x1c/0x20
[ 3068.682845]  ? perf_trace_lock+0x14d/0x7a0
[ 3068.687079]  ? rb_erase+0x3710/0x3710
[ 3068.690880]  ? lock_release+0xa10/0xa10
[ 3068.694862]  ? update_load_avg+0x387/0x2470
[ 3068.699182]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3068.704546]  ? mark_held_locks+0x130/0x130
[ 3068.708786]  ? attach_entity_load_avg+0x860/0x860
[ 3068.713634]  ? __mutex_lock+0x85e/0x16f0
[ 3068.717707]  ? mark_held_locks+0x130/0x130
[ 3068.721946]  ? debug_smp_processor_id+0x1c/0x20
[ 3068.726631]  ? attach_entity_load_avg+0x860/0x860
[ 3068.731483]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.737024]  ? check_preemption_disabled+0x48/0x200
[ 3068.742049]  ? debug_smp_processor_id+0x1c/0x20
[ 3068.746728]  ? perf_trace_lock+0x14d/0x7a0
[ 3068.750964]  ? rb_erase+0x3710/0x3710
[ 3068.754778]  ? mark_held_locks+0x130/0x130
[ 3068.759018]  ? lock_is_held_type+0x210/0x210
[ 3068.763439]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3068.768987]  ? xas_start+0x23d/0x740
[ 3068.772721]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3068.778266]  ? xas_descend+0x201/0x510
[ 3068.782163]  ? xa_destroy+0x4d0/0x4d0
[ 3068.785968]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.791527]  ? attach_entity_load_avg+0x860/0x860
[ 3068.796375]  ? debug_smp_processor_id+0x1c/0x20
[ 3068.801053]  ? perf_trace_lock+0x14d/0x7a0
[ 3068.805299]  ? lock_is_held_type+0x210/0x210
[ 3068.809728]  ? filemap_map_pages+0xd11/0x19b0
[ 3068.814226]  ? lock_downgrade+0x900/0x900
[ 3068.818415]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3068.823346]  ? lock_is_held_type+0x210/0x210
[ 3068.827761]  ? cpuacct_charge+0x265/0x440
[ 3068.831935]  ? filemap_map_pages+0xd38/0x19b0
[ 3068.836435]  ? mark_held_locks+0x130/0x130
[ 3068.840674]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.846251]  ? find_get_entries_tag+0x1400/0x1400
[ 3068.851094]  ? update_load_avg+0x2470/0x2470
[ 3068.855503]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.861044]  ? check_preemption_disabled+0x48/0x200
[ 3068.866058]  ? check_preemption_disabled+0x48/0x200
[ 3068.871083]  ? perf_trace_lock+0x14d/0x7a0
[ 3068.875322]  ? __perf_event_task_sched_out+0x33a/0x1bf0
[ 3068.880691]  ? lock_is_held_type+0x210/0x210
[ 3068.885123]  shmem_fault+0x25f/0x960
[ 3068.888842]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.894385]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3068.899668]  ? perf_sched_cb_inc+0x350/0x350
[ 3068.904091]  ? lock_is_held_type+0x210/0x210
[ 3068.908542]  __do_fault+0x100/0x6b0
[ 3068.912177]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3068.917277]  ? kasan_check_read+0x11/0x20
[ 3068.921444]  ? mark_held_locks+0x130/0x130
[ 3068.925677]  ? mark_held_locks+0x130/0x130
[ 3068.929922]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3068.935463]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3068.941036]  __handle_mm_fault+0x3d40/0x5a40
[ 3068.945453]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3068.950301]  ? lock_is_held_type+0x210/0x210
[ 3068.954716]  ? __switch_to_asm+0x34/0x70
[ 3068.958784]  ? __schedule+0x8d7/0x21d0
[ 3068.962883]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3068.967395]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3068.972758]  ? trace_find_filtered_pid.part.59+0x50/0x50
[ 3068.978217]  ? lock_is_held_type+0x210/0x210
[ 3068.982646]  ? handle_mm_fault+0x42a/0xc70
[ 3068.986912]  ? lock_downgrade+0x900/0x900
[ 3068.991063]  ? __do_page_fault+0xa0e/0xd10
[ 3068.995306]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3069.000239]  ? lock_release+0xa10/0xa10
[ 3069.004217]  ? __do_page_fault+0x567/0xd10
[ 3069.008454]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3069.013557]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3069.019100]  ? check_preemption_disabled+0x48/0x200
[ 3069.024129]  handle_mm_fault+0x54f/0xc70
[ 3069.028210]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3069.032794]  ? find_vma+0x34/0x190
[ 3069.036342]  __do_page_fault+0x567/0xd10
[ 3069.040447]  do_page_fault+0xed/0x7d1
[ 3069.044260]  ? vmalloc_sync_all+0x30/0x30
[ 3069.048438]  ? error_entry+0x76/0xd0
[ 3069.052171]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3069.057220]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3069.062063]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3069.067080]  ? lock_is_held_type+0x210/0x210
[ 3069.071496]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3069.076343]  page_fault+0x1e/0x30
[ 3069.079794] RIP: 0010:__get_user_4+0x21/0x30
[ 3069.084203] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3069.103266] RSP: 0018:ffff88010a457830 EFLAGS: 00010206
[ 3069.108630] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc900051da000
[ 3069.115914] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3069.123190] RBP: ffff88010a457b98 R08: 1ffff1002148aee3 R09: 0000000000000000
[ 3069.130462] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff1002148af0e
[ 3069.137749] R13: ffff8801d1d3ea00 R14: 000000008040450a R15: 0000000000000000
[ 3069.145048]  ? __might_fault+0x1a3/0x1e0
[ 3069.149122]  ? evdev_do_ioctl+0x159d/0x2180
[ 3069.153456]  ? str_to_user+0x90/0x90
[ 3069.157193]  ? do_futex+0x249/0x26d0
[ 3069.160912]  ? kasan_check_read+0x11/0x20
[ 3069.165068]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3069.170352]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3069.175897]  ? check_preemption_disabled+0x48/0x200
[ 3069.180936]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3069.186485]  ? check_preemption_disabled+0x48/0x200
[ 3069.191510]  ? debug_smp_processor_id+0x1c/0x20
[ 3069.196181]  ? lock_is_held_type+0x210/0x210
[ 3069.200612]  ? __fget+0x4aa/0x740
[ 3069.204066]  ? lock_downgrade+0x900/0x900
[ 3069.208225]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3069.213161]  ? save_stack+0x43/0xd0
[ 3069.216797]  ? __fget+0x4d1/0x740
[ 3069.220270]  ? ksys_dup3+0x680/0x680
[ 3069.223999]  evdev_ioctl_handler+0x144/0x1a0
[ 3069.228443]  evdev_ioctl+0x27/0x30
[ 3069.231988]  ? evdev_ioctl_compat+0x30/0x30
[ 3069.236310]  do_vfs_ioctl+0x1de/0x1720
[ 3069.240208]  ? ioctl_preallocate+0x300/0x300
[ 3069.244613]  ? __fget_light+0x2e9/0x430
[ 3069.248587]  ? fget_raw+0x20/0x20
[ 3069.252038]  ? _copy_to_user+0xc8/0x110
[ 3069.256047]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3069.261600]  ? put_timespec64+0x10f/0x1b0
[ 3069.265753]  ? nsecs_to_jiffies+0x30/0x30
[ 3069.269908]  ? security_file_ioctl+0x94/0xc0
[ 3069.274319]  ksys_ioctl+0xa9/0xd0
[ 3069.277779]  __x64_sys_ioctl+0x73/0xb0
[ 3069.281721]  do_syscall_64+0x1b9/0x820
[ 3069.285637]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3069.291036]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3069.295967]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3069.300818]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3069.305834]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3069.310851]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3069.315871]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3069.320725]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3069.325912] RIP: 0033:0x457519
[ 3069.329110] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3069.348011] RSP: 002b:00007f7ee6962c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3069.355725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3069.363020] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000005
04:16:25 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8100000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3069.370298] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3069.377565] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ee69636d4
[ 3069.384832] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3069.394672] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3069.403288] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3069.411996] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:25 executing program 4:
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040))
r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x56, 0x200000)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x202000002, 0x31, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:25 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000180))
gettid()
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x125000, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x12, &(0x7f0000000140)='/dev/input/event#\x00', 0xffffffffffffffff}, 0x30)

04:16:25 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0f000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:25 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3069.426933] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3069.508595] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3069.517552] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3069.525808] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3069.534369] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3069.542413] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3069.551103] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:25 executing program 5:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x400001, 0x0)
ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000200)=""/200)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f00000003c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl(r3, 0x8008d12, &(0x7f0000000400)="153f62344895095d76607049358d1806d74b3c037863ec43d7e06734098f8ab367b2482b3f9fd400ed3a3528000004527f68bcebe1f2a15290a32655a3f59aa9552da79ffae7f2b8ef265dfa4dd2671c9053347d74f905f783e61b2de6fa272d7d0793eff9b99a32caea056ba092b27469541f5975b50502910e5bded7265aa2400db6aa7e0c58ceaba0af3423fa6cd9cf261a98c4bf8f0e230afd71ede5dc3ae655dfa520ebf0eb476b9fa1ca787b54edf516982ed0b49bfd6c10d15498")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000040)=@sack_info={<r5=>0x0, 0x3, 0x4f6f}, &(0x7f0000000100)=0xc)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={r5, 0x4}, &(0x7f0000000180)=0x8)

[ 3069.566904] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3069.579572] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3069.594054] Interruptibility = 00000000  ActivityState = 00000000
[ 3069.601634] *** Host State ***
[ 3069.606850] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801beec7390
04:16:25 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:25 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x24a, 0x101100)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000100)=0x80000000, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x101000, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x7c)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x241)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3069.617934] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3069.624426] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3069.651309] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3069.657818] CR0=0000000080050033 CR3=00000001aade6000 CR4=00000000001426f0
[ 3069.671489] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3069.676005] CPU: 1 PID: 11720 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3069.684499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3069.693856] Call Trace:
[ 3069.696461]  dump_stack+0x244/0x3ab
[ 3069.700126]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3069.705343]  handle_userfault.cold.32+0x47/0x62
[ 3069.710045]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3069.714653]  ? userfaultfd_ctx_put+0x830/0x830
[ 3069.719243]  ? _raw_spin_unlock+0x2c/0x50
[ 3069.723399]  ? free_one_page+0xcae/0x1700
[ 3069.727552]  ? rb_erase_cached+0xc78/0x3720
[ 3069.731880]  ? rb_next+0x140/0x140
[ 3069.735434]  ? find_lock_entry+0x2de/0x8e0
[ 3069.739670]  ? preempt_schedule+0x4d/0x60
[ 3069.743831]  ? find_get_entry+0x1120/0x1120
[ 3069.748166]  ? mark_held_locks+0x130/0x130
[ 3069.752408]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3069.757538]  ? mark_held_locks+0x130/0x130
[ 3069.761779]  ? mark_held_locks+0x130/0x130
[ 3069.766021]  shmem_getpage_gfp+0x3723/0x4840
[ 3069.770453]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3069.775579]  ? lock_downgrade+0x900/0x900
[ 3069.779741]  ? mark_held_locks+0x130/0x130
[ 3069.783982]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3069.789346]  ? lock_acquire+0x1ed/0x520
[ 3069.793320]  ? __update_load_avg_se+0xae0/0xae0
[ 3069.797998]  ? update_load_avg+0x387/0x2470
[ 3069.802326]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3069.807708]  ? attach_entity_load_avg+0x860/0x860
[ 3069.812556]  ? __mutex_lock+0x85e/0x16f0
[ 3069.816624]  ? mark_held_locks+0x130/0x130
[ 3069.820866]  ? mutex_trylock+0x2b0/0x2b0
[ 3069.824928]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3069.830507]  ? attach_entity_load_avg+0x860/0x860
[ 3069.835364]  ? mark_held_locks+0x130/0x130
[ 3069.839602]  ? lock_downgrade+0x900/0x900
[ 3069.843755]  ? rb_erase+0x3710/0x3710
[ 3069.847559]  ? __update_load_avg_se+0xae0/0xae0
[ 3069.852233]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3069.857778]  ? xas_start+0x23d/0x740
[ 3069.861505]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3069.867043]  ? xas_descend+0x201/0x510
[ 3069.870938]  ? xa_destroy+0x4d0/0x4d0
[ 3069.874743]  ? attach_entity_load_avg+0x860/0x860
[ 3069.879592]  ? freezer_fork+0x376/0x600
[ 3069.883579]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3069.889128]  ? xas_load+0x43/0x1e0
[ 3069.892732]  ? filemap_map_pages+0xd11/0x19b0
[ 3069.897234]  ? lock_downgrade+0x900/0x900
[ 3069.901391]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3069.906328]  ? cpuacct_charge+0x265/0x440
[ 3069.910513]  ? filemap_map_pages+0xd38/0x19b0
[ 3069.915015]  ? mark_held_locks+0x130/0x130
[ 3069.919263]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3069.924811]  ? find_get_entries_tag+0x1400/0x1400
[ 3069.929658]  ? update_load_avg+0x2470/0x2470
[ 3069.934075]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3069.939624]  ? check_preemption_disabled+0x48/0x200
[ 3069.944649]  ? __perf_event_task_sched_out+0x33a/0x1bf0
[ 3069.950021]  ? pick_next_task_fair+0xa05/0x1b30
[ 3069.954694]  ? rcu_qs+0x23/0x110
[ 3069.958087]  shmem_fault+0x25f/0x960
[ 3069.961958]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3069.967523]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3069.972806]  ? perf_sched_cb_inc+0x350/0x350
[ 3069.977228]  __do_fault+0x100/0x6b0
[ 3069.980861]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3069.985963]  ? kasan_check_read+0x11/0x20
[ 3069.990112]  ? mark_held_locks+0x130/0x130
[ 3069.994346]  ? mark_held_locks+0x130/0x130
[ 3069.998582]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3070.004119]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3070.009662]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3070.015204]  __handle_mm_fault+0x3d40/0x5a40
[ 3070.019622]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3070.024464]  ? __switch_to_asm+0x34/0x70
[ 3070.028530]  ? __switch_to_asm+0x40/0x70
[ 3070.032619]  ? __switch_to_asm+0x34/0x70
[ 3070.036676]  ? __switch_to_asm+0x40/0x70
[ 3070.040773]  ? __switch_to_asm+0x34/0x70
[ 3070.044842]  ? __switch_to_asm+0x40/0x70
[ 3070.048908]  ? __schedule+0x8d7/0x21d0
[ 3070.052799]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3070.057307]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3070.062669]  ? trace_find_filtered_pid.part.59+0x50/0x50
[ 3070.068133]  ? handle_mm_fault+0x42a/0xc70
[ 3070.072368]  ? lock_downgrade+0x900/0x900
[ 3070.076512]  ? __do_page_fault+0xa0e/0xd10
[ 3070.080765]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3070.085706]  ? unregister_trace_event+0x3c0/0x470
[ 3070.090549]  ? lock_release+0xa10/0xa10
[ 3070.095008]  ? __do_page_fault+0x567/0xd10
[ 3070.099247]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3070.104353]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3070.109891]  ? check_preemption_disabled+0x48/0x200
[ 3070.114930]  handle_mm_fault+0x54f/0xc70
[ 3070.119050]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3070.123645]  ? find_vma+0x34/0x190
[ 3070.127190]  __do_page_fault+0x567/0xd10
[ 3070.131262]  do_page_fault+0xed/0x7d1
[ 3070.135065]  ? vmalloc_sync_all+0x30/0x30
[ 3070.139211]  ? error_entry+0x76/0xd0
[ 3070.142929]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3070.147957]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3070.152802]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3070.157828]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3070.162726]  page_fault+0x1e/0x30
[ 3070.166185] RIP: 0010:__get_user_4+0x21/0x30
[ 3070.170593] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3070.189496] RSP: 0018:ffff88010a457830 EFLAGS: 00010206
[ 3070.194857] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc900051da000
[ 3070.202128] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3070.209395] RBP: ffff88010a457b98 R08: 1ffff1002148aee3 R09: 0000000000000000
[ 3070.216695] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff1002148af0e
[ 3070.223970] R13: ffff8801a5e63740 R14: 000000008040450a R15: 0000000000000000
[ 3070.231260]  ? __might_fault+0x1a3/0x1e0
[ 3070.235327]  ? evdev_do_ioctl+0x159d/0x2180
[ 3070.239652]  ? str_to_user+0x90/0x90
[ 3070.243363]  ? do_futex+0x249/0x26d0
[ 3070.247092]  ? kasan_check_read+0x11/0x20
[ 3070.251246]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3070.256522]  ? rcu_softirq_qs+0x20/0x20
[ 3070.260508]  ? unwind_dump+0x190/0x190
[ 3070.264397]  ? exit_robust_list+0x280/0x280
[ 3070.268739]  ? __fget+0x4aa/0x740
[ 3070.272196]  ? lock_downgrade+0x900/0x900
[ 3070.276350]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3070.281285]  ? save_stack+0x43/0xd0
[ 3070.284920]  ? __kasan_slab_free+0x102/0x150
[ 3070.289330]  ? __fget+0x4d1/0x740
[ 3070.292789]  ? ksys_dup3+0x680/0x680
[ 3070.296515]  evdev_ioctl_handler+0x144/0x1a0
[ 3070.300925]  evdev_ioctl+0x27/0x30
[ 3070.304466]  ? evdev_ioctl_compat+0x30/0x30
[ 3070.308795]  do_vfs_ioctl+0x1de/0x1720
[ 3070.312692]  ? ioctl_preallocate+0x300/0x300
[ 3070.317113]  ? __fget_light+0x2e9/0x430
[ 3070.321085]  ? fget_raw+0x20/0x20
[ 3070.324540]  ? _copy_to_user+0xc8/0x110
[ 3070.328521]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3070.334068]  ? put_timespec64+0x10f/0x1b0
[ 3070.338217]  ? nsecs_to_jiffies+0x30/0x30
[ 3070.342371]  ? security_file_ioctl+0x94/0xc0
[ 3070.346782]  ksys_ioctl+0xa9/0xd0
[ 3070.350236]  __x64_sys_ioctl+0x73/0xb0
[ 3070.354129]  do_syscall_64+0x1b9/0x820
[ 3070.358013]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3070.363383]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3070.368309]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3070.373167]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3070.378188]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3070.383208]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3070.388233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3070.393080]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3070.398280] RIP: 0033:0x457519
[ 3070.401482] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3070.420384] RSP: 002b:00007f7ee6962c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3070.428115] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3070.435382] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000006
[ 3070.442646] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3070.449909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ee69636d4
[ 3070.457174] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3070.476249] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3070.483296] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3070.494922] *** Control State ***
[ 3070.503284] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3070.510141] EntryControls=0000d1ff ExitControls=002fefff
[ 3070.515744] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000040}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:26 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x806000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:26 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:26 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = msgget$private(0x0, 0x80)
msgrcv(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e11c1d862ccbc4f130c16f32c2"], 0xf3, 0x0, 0x1000)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x10000, 0x100)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000800)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000900)=0xe8)
sendmsg$xdp(r3, &(0x7f0000000ac0)={&(0x7f0000000940)={0x2c, 0x5, r4, 0x3b}, 0x10, &(0x7f0000000a80)=[{&(0x7f0000000980)="ab3e7b718a0698b6ae328da7f016d560851b8de9c00d57fd4045a189b085483a42280eb16d00418835e07bef9e4013ba23468e4354d783ce44c0941fa325400bc4c80614fdf53735234864fac13b434caf2a98d10d46e3da35", 0x59}, {&(0x7f0000000a00)="fd887e9970d3613afe171b06e2d91b3e883676ab467f97bcbb3b74b554c066f25a5ec2a809d61e9ee3410290267127ba67739f37a9ad956ad018578df8ee548bebca3486a39da335720bf271fb488212d73fdb10d3539216715c3c05431d", 0x5e}], 0x2}, 0x8000)

[ 3070.523045] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3070.530139] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3070.536964]         reason=80000021 qualification=0000000000000000
[ 3070.543542] IDTVectoring: info=00000000 errcode=00000000
[ 3070.549154] TSC Offset = 0xfffff9926d94322d
[ 3070.553671] EPT pointer = 0x00000001bb06901e
04:16:26 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:26 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:26 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1000, 0x20000)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000100)={0x5, 0xfffffffffffffff9, 0xb61e, @local, 'eql\x00'})
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3070.657518] *** Guest State ***
[ 3070.660940] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3070.670184] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3070.679208] CR3 = 0x0000000000002000
[ 3070.683004] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3070.690124] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3070.698402] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3070.705351] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3070.711820] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3070.719036] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3070.730452] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3070.738869] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3070.747007] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:26 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3070.755021] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3070.771144] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3070.779542] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3070.787780] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3070.795771] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:16:26 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x800000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3070.803946] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3070.811989] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3070.818501] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3070.825955] Interruptibility = 00000000  ActivityState = 00000000
[ 3070.832241] *** Host State ***
[ 3070.835447] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a67af390
[ 3070.841508] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3070.847955] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
04:16:26 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3070.856148] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3070.874797] CR0=0000000080050033 CR3=000000017fa99000 CR4=00000000001426f0
[ 3070.892101] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
04:16:26 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00')
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x40000800, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x400040, 0x0)

[ 3070.903158] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3070.909346] *** Control State ***
[ 3070.912891] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3070.920117] EntryControls=0000d1ff ExitControls=002fefff
[ 3070.925603] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3070.940512] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3070.948683] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:26 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:26 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3070.957753]         reason=80000021 qualification=0000000000000000
[ 3070.964196] IDTVectoring: info=00000000 errcode=00000000
[ 3070.969903] TSC Offset = 0xfffff99138522c9e
[ 3070.974314] EPT pointer = 0x00000001bfdc201e
[ 3071.053244] *** Guest State ***
[ 3071.056543] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3071.065874] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3071.074815] CR3 = 0x0000000000002000
[ 3071.078627] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3071.085139] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3071.092004] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3071.098203] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3071.104186] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3071.104200] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3071.104220] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3071.104240] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3071.104257] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3071.135095] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:27 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8848, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3071.151224] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3071.159308] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3071.185405] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3071.196197] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3071.205040] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3071.213458] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3071.220520] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3071.228095] Interruptibility = 00000000  ActivityState = 00000000
[ 3071.234323] *** Host State ***
[ 3071.237576] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c1717390
[ 3071.243571] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3071.250092] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3071.257922] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3071.263810] CR0=0000000080050033 CR3=00000001c5012000 CR4=00000000001426f0
[ 3071.270876] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3071.277581] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3071.283622] *** Control State ***
[ 3071.287112] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3071.293774] EntryControls=0000d1ff ExitControls=002fefff
[ 3071.299279] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3071.306241] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3071.312947] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3071.319592]         reason=80000021 qualification=0000000000000000
[ 3071.325920] IDTVectoring: info=00000000 errcode=00000000
[ 3071.331389] TSC Offset = 0xfffff9910103c38a
[ 3071.335728] EPT pointer = 0x00000001b97bd01e
04:16:27 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:27 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
fcntl$getflags(r0, 0x1)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = getpgrp(0x0)
syz_open_procfs(r1, &(0x7f0000000040)='net/route\x00')
r2 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0xfffffffffffffffe)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:27 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:27 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:27 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xfffffff5, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:27 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x2800050})
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x400, 0x2)
ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r4 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x0, 0x40000)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@ipv4}, 0x0, @in6=@ipv4={[], [], @dev}}}, &(0x7f0000000200)=0xe8)
getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=<r6=>0x0)
write$FUSE_ENTRY(r4, &(0x7f0000000300)={0x90, 0x0, 0x4, {0x6, 0x0, 0x9, 0x6270, 0x80, 0x2d4c000000000, {0x4, 0x8, 0x0, 0x100000000, 0x85dc, 0x7ff, 0x6, 0x4, 0x1, 0x8, 0x8, r5, r6, 0x1, 0x7fffffff}}}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0x4, 0x5, 0x3, 0x0, 0x9, 0xffffffffffffffff, 0x8}, 0x2c)

04:16:27 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x20000, 0x0)
mknodat(r2, &(0x7f0000000080)='./file0\x00', 0x44, 0x12ef)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:27 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3072.007105] *** Guest State ***
[ 3072.010548] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3072.019783] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3072.033843] CR3 = 0x0000000000002000
[ 3072.038015] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3072.044519] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:27 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x800, 0x12000)
ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000080)={0x9})
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
r3 = msgget$private(0x0, 0x401)
msgctl$MSG_INFO(r3, 0xc, &(0x7f0000000100)=""/130)

[ 3072.051893] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3072.058224] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3072.064462] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3072.071997] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:16:27 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:28 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffca88, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3072.098232] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.107129] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.129089] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:28 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3072.147460] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.162471] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.171224] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3072.179531] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3072.188468] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:16:28 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0010000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3072.197755] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3072.205813] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3072.212504] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3072.220146] Interruptibility = 00000000  ActivityState = 00000000
[ 3072.226474] *** Host State ***
[ 3072.232348] RIP = 0xffffffff811f9ed3  RSP = 0xffff880124147390
[ 3072.238492] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3072.245666] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3072.253960] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3072.260025] CR0=0000000080050033 CR3=00000001c0b77000 CR4=00000000001426f0
[ 3072.267455] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3072.274236] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3072.280370] *** Control State ***
[ 3072.283891] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3072.290661] EntryControls=0000d1ff ExitControls=002fefff
04:16:28 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:28 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000008}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3072.296187] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3072.303221] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3072.310132] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3072.316818]         reason=80000021 qualification=0000000000000000
[ 3072.323440] IDTVectoring: info=00000000 errcode=00000000
[ 3072.329222] TSC Offset = 0xfffff99086f9c3b7
[ 3072.333643] EPT pointer = 0x000000019fb2501e
04:16:28 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x800e000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:28 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3072.454867] *** Guest State ***
[ 3072.464622] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3072.474980] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3072.484091] CR3 = 0x0000000000002000
[ 3072.488389] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3072.494897] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3072.501455] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3072.507527] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3072.513506] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3072.520223] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3072.528251] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.536224] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.544231] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.552228] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.560230] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.568784] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3072.576926] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3072.584900] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3072.593588] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3072.601606] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3072.608044] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3072.615522] Interruptibility = 00000000  ActivityState = 00000000
[ 3072.621777] *** Host State ***
[ 3072.624978] RIP = 0xffffffff811f9ed3  RSP = 0xffff88016da3f390
[ 3072.631000] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3072.637447] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3072.645277] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3072.651212] CR0=0000000080050033 CR3=0000000188806000 CR4=00000000001426e0
[ 3072.658279] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3072.664950] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3072.671043] *** Control State ***
[ 3072.674498] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3072.681183] EntryControls=0000d1ff ExitControls=002fefff
[ 3072.686642] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3072.693609] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
04:16:28 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:28 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3072.700524] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3072.707150]         reason=80000021 qualification=0000000000000000
[ 3072.713481] IDTVectoring: info=00000000 errcode=00000000
[ 3072.718967] TSC Offset = 0xfffff99048ca2611
[ 3072.723299] EPT pointer = 0x000000018156801e
04:16:28 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3072.887046] *** Guest State ***
[ 3072.890482] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3072.899522] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3072.919819] CR3 = 0x0000000000002000
[ 3072.923541] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3072.930103] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3072.936727] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3072.943095] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3072.949266] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3072.955937] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3072.964304] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.972349] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.980404] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.988407] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3072.996378] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.004415] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3073.012452] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3073.026122] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:16:28 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x300, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:28 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24200020100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:28 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x402500, 0x0)
ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000080))
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:28 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
r2 = openat$cgroup_ro(r1, &(0x7f0000000180)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f00000001c0)={@mcast1, <r3=>0x0}, &(0x7f0000000200)=0x14)
bind$packet(r2, &(0x7f0000000240)={0x11, 0x1b, r3, 0x1, 0x3}, 0x14)
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x2, 0x0)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000140))
r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$EVIOCGMTSLOTS(r5, 0x8040450a, &(0x7f0000013000))

[ 3073.034159] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3073.042181] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3073.042195] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3073.056061] Interruptibility = 00000000  ActivityState = 00000000
[ 3073.062336] *** Host State ***
[ 3073.068001] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010a577390
04:16:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ef05aa200000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="e03f0300100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3073.092324] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3073.105619] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3073.113892] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3073.126893] CR0=0000000080050033 CR3=0000000196c44000 CR4=00000000001426e0
04:16:29 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0xd7f273d8fc9f0422)
write$UHID_INPUT(r2, &(0x7f0000000140)={0x8, "38bf63238cfc3894d483ff74489117d3cf1dabebf5db724a2fa851fd0b642865ac15f918d705e215ef18e06aab0f90c4411ab828298cd67f597cd1f3208ff3b782a7a18504f1fabbee6bbc4f35388538325c64981dfcca0d7ba1c564bce877d393320ca3967c03042c365efc8fa70fdf337fb533072621d9a13d1b0a0d1cf7ea9d069e92b1a6548be09ab5a575feadf2cb43116236be763bcef585999aff5dc8f0c68f8e96b4d2c6bd9cdd00ae07f758b0c2a1ff1fb6d3070d03bfb480a1643677ccfb44e232bc2eff47c3579dc2daa47d08e2dfb58f7a1acc8a5b6b32458b0d86872ff692979e0a05b22f28bf0c525651ea3a0403c3de550dbfc15cbecf12eed45205baff68ab5d61eaa960e9ec69cdca305ec96fa167ebafa631b8eb3e36b0bf3a7f44edc1818a67de6bbb12403fc2cf5c1ca59b046a3e45affd57cb2d64b6041139e7d15d9715820fdb24b205b2b5e5899244baa5998a5fa88a7112338c89e19bd7303937c6f094f6414aea850f1162cf0fa69618137b99f2f3c3c45c687cb3e801405a0f9aa60a1ca4c8db6bc98b51a271c484212d20fb29bc7c1aa71a1f2fe99ce7fc5768cea95389415ed10fa362fed5c2ec6c38dc1326dc379cc07d7869d8f03997f008287ddba129d19e6bcb9b857ebc5fb03e41771064cbecf5afd294ef9b035650837d92d61145ee3bf569844f0c1f4e1a0f058a09f18c1782ead455cfd2cc534aa14116b5f2ebf36a61088cfb5b7cf5bdc4d68651e11cfd9d264c00202fd57bf7ba4a01b7bcb750c96733799dd0627baef3f7724d98c20fd36760c4facd0724c13684bbc5e36c0ab67c855b78ce95886080beeef13fe4e96b91ea7549ac1f40f3396e0e5e1dd20329075ba68d86cc0bac81f599e6f44cae13ebbc265ce7e6ab782e02937a5c9ed35521aa976c112acd318ef423dc0fc458ce224b33f32776b57fdc1c8bb878f2b59fdf4d7b9482bae4c664e4706fb7452ad5a5a2d66ea26c3fef70641272226cdeaca0b1f81e0cf760b9c9aa6698e5ae46c98809d23a183063b33b1edb2cb6d9ca9ae77a15a552d2c1cd8b52731870ac444c03e53014dda2d321e1cda168099f940fdb9b97f6cff2822752ae45d66a728c57a1d9d5873f3eafb1ebc41e49a97fdfd841a355e300e464f61186d55c22eefddbd7eebaa89363fa1ab8f9aaa17557ce6129b84afffed0ca031644437d22a13c1ca551d76032cefd33bde2a9975228d153395b1bd3121bc0a8dee9154017081139dac79525d2748e8d37e9d405a1068ceed5ba18420182eb15b773b290d127cb370b25bcd053e38864461104ff00c2c90a8408d5c537e11b4e093cc5152a8b264128c1e852c4bcf1aab7f9dab2baa2ca3ae60872e5143884526b0a570536e6c84728549af95f6607fa60d4c60a60c11a0f54daab44fe9d5191d3374898a9d080e5b91764b28d4e292a9b35a5fc5ace7e54f066e406d7c90e0bfef4f37e9fa56011874473873067e28b50cf89e6ff3c10f8233c5f53449feeedf363d5821596758faad693f1e65635e873a45de7a11129f3455c3dc6c7e27d0a1f43029b2d8ddab9367e881dcc521b6b442df93668150c9e25314c33dd288bc20a44338bb450c6f79f3a7c4ba98e137af2e0a0d1f767d2786d536466884d228285a9376cc7b1d9f44e9ab4e6492543219a733995fddcde48bc669d8a66dc440823340343e4ea2e5bf5f95181e478d555bc189be2e82db42d9ccf4e6f1fd06973a050dfcefe68b5b5f60c6459cbc0b1b255fe84b3a4093be9f2c0c0ab242c9795ef84b0d6ceb98f3d5a87cdd3bab31c2eae5fefc18b5e70603235ace76d72148e0e0ca55c4284a424f7c6d5877216b97f70116715ea7e5201c37f627f7f9021ac35b6686f9545059902f6767784a8522a0ccf908b5cdf305c09c07ce5c3a823c13ae7bccd93e65d2dd975701b699b045ed7c1ab0c3bc29cb554ce7558104e796d198a0464a9f56dad78fbb98c718dda7786298edd0a9428079bf41d7c300e852401c83cc2bff443aa6727fcf8ca8267da7b304badc4961303ac999ab2b713295a65ddf05b373af9839994c7d058630f02ebcccc556cb53d68b610cd649da520b33ed158b2ebf9678ef432f520e3ae5ea05d755581d58b578b700f4f65dbb7d56826078f56db6f40460faf91148eac91dea7f383b19998c313452f4d04b5d602266a7375194cb19f98211b8870a45f1ccc87e9be5ffe0dbe8b2c69ace9c0f768248ac7179dfcb2c67b555d79c2e6868b8281fcc1c930af545a73ae3a7514d53926615468395cddc4e9746e720a34edd3bff7dfe4169c123b4e94be7b47e478a60253cb3f4bb19bd424fac856a5c0f3dac93ca37103a0baee91ead74ffd2b607acddb5baca3738023d3de2fe604d265f6f8c95eafded4e9e88806a5eec4da478c871e7ecc783a9f4f498235b66605d27f6e885f14597143d81fb4e6c7a5f8e4251a461e5780a632addda2325b76f2b1201393dea25019be72d4e259997d6d0630e44a94e21c32ae80a52625f6988b1fd86fdc609c8d32b9b8fdadad3af7f0d2b5b512aa36689bc8f3b80d96b1327d8a2bbf3e05555d4701de3c686f8ba8410dd3bd1c67b7bdc8b3c3b59890c378a971aabe230e7bbba6379cb83b15099dee7e1c7a0631d39082c0ecafe24181f5283104e7865115f397cc3ef71f2056e07c497be2cc9c3c269b403633156945ee5e9ef71714bae129c9049c97a45d48d636e19f0f80a4130648a553f087604fd3a57e8a879d6be70883a3dd2d935b15a9adf62731e0852b43c53217c1fe76c05760dfa66448ca8a073bd755a318f78dc6b57e3f99f88cc4bd4edff1511a6e723932d25cac44d4fc6214ce3a49d2c0ae8b8478d521dbd0a162455d68dafcdf516300d4e1ac149541a6b346b12d3fc0d8adacb47a3e4dcdbbd4c72b3c5191757e935a00d4a081de00a21ed831aac8dafb4fd79d3e699197b74157ae8fd36f5d8f6e569fae303271e88c49203f33c5e7f59f2f7fdad0c5b364562be77eac67cc299849805cc46d8ae26d2845d332df304637cb2b576e5afb6b62a537655f13a791fa3f991503cb8bfc3a3359cc629dc15305e5c6c381df2c58dddc907ff1f51d1f2f5dc164200c426d43b69c00c79ec2d563a9dfa5ecdb05a443e6488d519b0665499680b51e11c49cc7550180ab7f79bea5cf07e2f93087153ca20ffb4f6c6e9d4db990487c3c698f64773d70db28696c9d99ada03808f0786fe238a21979b8c581f17b719e808aaf764c2de66e7feba42cab8d5bff2be00e7b4602903362f527dd802b23029e61262d17a04af137581a7777801a1bbfd95fa6d5cbb5d3dc2450ee00f7b0d14834e7d1ffc983722c08dbfd748784f8c4148e1b3bc9c66558bc8081be08efb6306240970fe3e42b5aa1c3196afe356f6fa4f27d351cfde0c99062c3c1f6ea9674b058b2638474cdcf9e4fd3071256316a8249c5eef60f64f36039fc778f85e6905ae7ff157848ba07febb0dad793b6b52dfd2ef04a34ce20820b7fe94adc72b3ef1f93c0f243fad72f2e6e193126282bb4deb37088c349515c5671c43c71ef6b411b1df403fa69facb444d32f59a0c9214f70d80acb2df83b773c111b24343ea3eff9fc13bf6535748e61727818ac5124accd75a864eee4e53f42040b51f2a4c9b5e749529ba6a82bf0bcdd5bbfc41b8f621f750c08f1645faa914d4ad42d5ef0bb3c73750f1587948bb0d566d6198ca2ea962c2e67a47f527e6cdbd25534988d05bb4161edf7052530692c3638463c83ec3608c24c3575a1d8341d193f9fb74d6f46105666c6c6bbc4e03960ff607c2d2cf1b061f357e32a5f0ca673b64289a3530f92e52d2ad44ce9ff697c51604b9af5b013e69425b0863096048d0a3ea9f5354cfb35d7d62b124e57832aec1c2226a9539e747484525404ec267aa8152d0db8881f91d5efd15768ca4de30649fd220cef8d6fbf319cbdcbe3a195937aac0b8e9327740a92ccba11dbe6f1c01110434833df44a111013cd9d8f8f32e37bd16c173237629106e5ea4e4120cee4b222cdff18a584eea1216c83e766da43b01841fc797b27ce31acecb472bfbea0d354f692b1eab17288e40590da151d77599165260e35914d6236af7aa18692d555f799b810144f22159fb4d0dea58593be59eaa1a4ea80d3d6dcebc50ac9e345a5e90ac161cdc0c3aa3eb0cb2e13011d1a8b014fdf17ae46584ec065c812df7ae079d316f4b5cac928390cc6abe716b0891aeda8cc0f7cbc07f51494a0103c379ad4de8b3821833b89fbb75111979158291d27f5cb622e84253f0a4d7f438d1da80b0567e7615a03ae232916542dc68edda580a0b0406b879389a78d9911bd1fecd8cde7e97cac0ed9bed72107093b8ec4f013d854303844e84f322ba6b0b56b0f20b01f87cb0abbe2533c6c028da2ae40033ddbe31c9ffee97c75a9c6ed00d6e5d51f5f7d163e0741f920add63502f28b12548653ede114d9d1da2cc85bafd289a45e4c7094748f9bb63adfbb6695bd21e1461e5d49dea9a4c49b82a69a91d75cb47be1f26569a719d1760099a81cb934b19cc208c2cf294cf2e9be118b74a9e749346402c581e64b80259e22ed7618f3c0d5973d13853b1b8b4faf9a1f6b8a88c7ee4e34e0d2c41615886676440a37ac61d94f909e8defa73639cae7219d991afbdc430bea97acb6db3fd4a4aaa7b5a7dd4c0e963a4407586cb31fae1933db487cf081ef2982b68ff69317d679b597af402d8d9b46fa1eb00e945f53a5db0db13f955dcf9b887d6a288df4935132084bdaa932089529f7d168dfe13a42e2428070d236a2ef1fb9bab62abfc31014bba79ebe51c6cdcf5ad2f316df0cf2461406cf95928aadff0138976f59abfb3f1bb3e5bb9083e3258b6575f47c008a4b57efefe06eb3d2387fdb115882e980ee51efaea0f55d2a33ab53f695f8b05858e01e2b444ebcca45580d4283c3d33f02de3b5c6f42a9a412e41ceafac714b5c2dc109d88f5bb7c35aadac05c1e451fa329d463698338b5b4b9a0f1da83306989b010a7334b0d5162382e57f167ddf84eb8241c4bab6aaa30ffeb8730f7f77415982f8af430b451037c3065335ef6c4d9bce62625bc915bd58abba49b333812a1407c7dcb55af1e72840a775fb5e6e50df41ad93560bfee2fadbc74660d48206eda13413280a362a8c81afa7f240f00d1cfe8012182871e66a3335243c3c1702001846576a7de72cca919ba141de848710b141aa7f9c2b2e2e7506ac3160a51564e4c73f5336b8e9f17de91d20709a3289b6b1dbbc38b53c111fc40cb1f6ffa57c4270efe1e0b8b2185a474a46c2dc35ad3f272b1a83cadef1f29d77f4c2f83118c728998efd72e23aeaa47cab63dba72e4cd56abd64f8a15da6f764302b8e6f6ffde50556bf8a26cde8b1702742b4d22ce61bd794c0dcc8aaf2b181612f3529225f168805e60ec807c70111553e57d9d195905122144499c1f077014dd6e624f5284c4745aad642ffba0340b1187425a4db245cd6bf43d0e19ca444246d7848e18ffe72c315b579ae678ec591aa7efd606b75f5fc8caf769f134ce0a2d4d32dc1a3ce89300bc19c4f6a9c67a2a3d7717cf51a1e311fec8818cb7ae0977c3b356224ab96867954b305d1fde6f56674c699218f5a60dd885866070be831c59ebf5b90c3d546eb29b1d7bd826f08e2f84a60f62e550b4dbdae60478bb53b15e73e751a398053c463baf17a689311b475eaec5722e1a2cc2fca99914aec3cb30790252d4adc56fa87809e0ebc7f93", 0x1000}, 0x1006)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
socket$inet(0x2, 0x6, 0xff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3073.140620] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3073.152054] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3073.166474] *** Control State ***
[ 3073.176897] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3073.185963] EntryControls=0000d1ff ExitControls=002fefff
[ 3073.192264] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3073.199465] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3073.206256] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="00f0ff7f100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3073.237050]         reason=80000021 qualification=0000000000000000
[ 3073.254362] IDTVectoring: info=00000000 errcode=00000000
[ 3073.267262] TSC Offset = 0xfffff99009ce6f81
[ 3073.274424] EPT pointer = 0x00000001125ff01e
04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="0f000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3073.371823] *** Guest State ***
[ 3073.376370] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3073.397038] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
04:16:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xf0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3073.423132] CR3 = 0x0000000000002000
[ 3073.429001] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3073.435599] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3073.442451] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3073.457054] RFLAGS=0x00000002         DR7 = 0x0000000000000400
04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="effdffff100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3073.470712] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3073.478863] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3073.487303] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.500255] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.508628] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.516936] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.526171] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.535104] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3073.543138] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3073.551261] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3073.559310] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3073.567329] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3073.573764] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3073.581238] Interruptibility = 00000000  ActivityState = 00000000
[ 3073.587511] *** Host State ***
[ 3073.590721] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010a577390
[ 3073.596810] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3073.603223] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3073.611176] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3073.617133] CR0=0000000080050033 CR3=000000018b43e000 CR4=00000000001426e0
[ 3073.624164] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3073.630880] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3073.636982] *** Control State ***
[ 3073.640433] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3073.647112] EntryControls=0000d1ff ExitControls=002fefff
[ 3073.652565] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3073.659517] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3073.666187] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100008000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="c0000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3073.672793]         reason=80000021 qualification=0000000000000000
[ 3073.679139] IDTVectoring: info=00000000 errcode=00000000
[ 3073.684578] TSC Offset = 0xfffff98fc3c9f75d
[ 3073.688929] EPT pointer = 0x0000000196a2b01e
[ 3073.762469] *** Guest State ***
[ 3073.765756] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3073.774891] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3073.784169] CR3 = 0x0000000000002000
[ 3073.787955] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3073.794457] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3073.800989] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3073.807032] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3073.813011] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3073.813025] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3073.813044] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.813063] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.842159] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.857815] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.865941] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3073.874524] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3073.882742] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3073.890844] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3073.898874] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3073.906870] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3073.913268] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3073.920762] Interruptibility = 00000000  ActivityState = 00000000
[ 3073.927032] *** Host State ***
[ 3073.930218] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010a577390
[ 3073.936189] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3073.942628] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3073.950461] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3073.956337] CR0=0000000080050033 CR3=00000001c59a6000 CR4=00000000001426e0
[ 3073.963578] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3073.970306] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3073.976390] *** Control State ***
[ 3073.980082] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3073.986899] EntryControls=0000d1ff ExitControls=002fefff
[ 3073.992658] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3074.000058] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3074.006827] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:29 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="13000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:29 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x543, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3074.013427]         reason=80000021 qualification=0000000000000000
[ 3074.013435] IDTVectoring: info=00000000 errcode=00000000
[ 3074.013441] TSC Offset = 0xfffff98f8d70e666
[ 3074.013464] EPT pointer = 0x00000001a272301e
04:16:29 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0008000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:30 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x7, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:30 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000296000/0x1000)=nil, 0x1000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000247000/0x4000)=nil, 0x4000}, 0x2})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000519000/0x1000)=nil, 0x1000}, 0x2})
openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x20400, 0x0)

04:16:30 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="c00e0000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3074.177018] *** Guest State ***
[ 3074.180487] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3074.190144] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3074.209711] CR3 = 0x0000000000002000
[ 3074.214224] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3074.223983] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3074.231300] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3074.237954] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3074.244238] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3074.251535] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:16:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x4305000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:30 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000090007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3074.274724] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3074.285483] IPVS: ftp: loaded support on port[0] = 21
[ 3074.291025] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:30 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0)
ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000100))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3074.330384] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3074.362210] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3074.374634] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:30 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x101800, 0x0)
ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{}, {}]})
r1 = userfaultfd(0x800)
ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=<r2=>0x0)
ptrace(0x4207, r2)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3074.421550] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3074.433210] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
04:16:30 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24040000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3074.472098] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3074.484391] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3074.510853] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:30 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x700, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3074.517435] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3074.531879] Interruptibility = 00000000  ActivityState = 00000000
[ 3074.538280] *** Host State ***
[ 3074.544329] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018b5af390
[ 3074.550816] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3074.560054] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3074.570785] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3074.585927] CR0=0000000080050033 CR3=0000000185c9c000 CR4=00000000001426e0
[ 3074.605178] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3074.612461] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3074.617606] CPU: 0 PID: 11998 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3074.626107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3074.635458] Call Trace:
[ 3074.638055]  dump_stack+0x244/0x3ab
[ 3074.641692]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3074.646912]  handle_userfault.cold.32+0x47/0x62
[ 3074.651595]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3074.656193]  ? rb_erase_cached+0xc78/0x3720
[ 3074.660520]  ? userfaultfd_ctx_put+0x830/0x830
[ 3074.665127]  ? find_lock_entry+0x2de/0x8e0
[ 3074.669371]  ? find_get_entry+0x1120/0x1120
[ 3074.673697]  ? mark_held_locks+0x130/0x130
[ 3074.677963]  ? mark_held_locks+0x130/0x130
[ 3074.682210]  ? mark_held_locks+0x130/0x130
[ 3074.686450]  ? mark_held_locks+0x130/0x130
[ 3074.690697]  shmem_getpage_gfp+0x3723/0x4840
[ 3074.695132]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3074.700236]  ? __update_load_avg_se+0xae0/0xae0
[ 3074.704919]  ? update_load_avg+0x387/0x2470
[ 3074.709248]  ? attach_entity_load_avg+0x860/0x860
[ 3074.714092]  ? mark_held_locks+0x130/0x130
[ 3074.718330]  ? update_load_avg+0x387/0x2470
[ 3074.722655]  ? mark_held_locks+0x130/0x130
[ 3074.726891]  ? attach_entity_load_avg+0x860/0x860
[ 3074.731739]  ? __mutex_lock+0x85e/0x16f0
[ 3074.735796]  ? freezer_fork+0x1cc/0x600
[ 3074.739771]  ? mark_held_locks+0x130/0x130
[ 3074.744009]  ? mutex_trylock+0x2b0/0x2b0
[ 3074.748070]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3074.753605]  ? delete_node+0x307/0xdc0
[ 3074.757496]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3074.762863]  ? __update_load_avg_se+0xae0/0xae0
[ 3074.767561]  ? cpuacct_charge+0x265/0x440
[ 3074.771737]  ? lock_downgrade+0x900/0x900
[ 3074.775895]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3074.781431]  ? xas_start+0x23d/0x740
[ 3074.785144]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3074.790695]  ? xas_descend+0x201/0x510
[ 3074.794596]  ? xa_destroy+0x4d0/0x4d0
[ 3074.798403]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3074.803329]  ? task_numa_work+0xea0/0xea0
[ 3074.807480]  ? check_preemption_disabled+0x48/0x200
[ 3074.812495]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3074.818050]  ? active_load_balance_cpu_stop+0x12e0/0x12e0
[ 3074.823596]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3074.829132]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3074.834667]  ? xas_load+0x43/0x1e0
[ 3074.838219]  ? filemap_map_pages+0xd11/0x19b0
[ 3074.842721]  ? lock_downgrade+0x900/0x900
[ 3074.846875]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3074.851805]  ? print_unlock_imbalance_bug+0x50/0x70
[ 3074.856821]  ? set_next_entity+0xdc/0xc60
[ 3074.860965]  ? reweight_entity+0x10f0/0x10f0
[ 3074.865377]  ? update_load_avg+0x2470/0x2470
[ 3074.869794]  ? filemap_map_pages+0xd38/0x19b0
[ 3074.874298]  ? find_get_entries_tag+0x1400/0x1400
[ 3074.879146]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3074.884686]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3074.890230]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 3074.895417]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 3074.900628]  ? perf_sched_cb_inc+0x350/0x350
[ 3074.905047]  shmem_fault+0x25f/0x960
[ 3074.908771]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3074.914050]  ? trace_hardirqs_on+0xbd/0x310
[ 3074.918384]  ? kasan_check_read+0x11/0x20
[ 3074.922531]  ? finish_task_switch+0x1f5/0x900
[ 3074.927031]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3074.932134]  ? compat_start_thread+0x80/0x80
[ 3074.936571]  ? dequeue_entity+0x17f0/0x17f0
[ 3074.940908]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3074.946447]  __do_fault+0x100/0x6b0
[ 3074.950075]  ? _raw_spin_unlock_irq+0x60/0x80
[ 3074.954570]  ? finish_task_switch+0x1f5/0x900
[ 3074.959096]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3074.964446]  ? mark_held_locks+0x130/0x130
[ 3074.968682]  ? mark_held_locks+0x130/0x130
[ 3074.972925]  ? __switch_to_asm+0x34/0x70
[ 3074.976988]  ? __switch_to_asm+0x40/0x70
[ 3074.981043]  ? __switch_to_asm+0x34/0x70
[ 3074.985101]  ? __switch_to_asm+0x34/0x70
[ 3074.989163]  ? __switch_to_asm+0x40/0x70
[ 3074.993236]  ? __switch_to_asm+0x34/0x70
[ 3074.997293]  ? __switch_to_asm+0x40/0x70
[ 3075.001348]  ? __switch_to_asm+0x34/0x70
[ 3075.005402]  ? __switch_to_asm+0x40/0x70
[ 3075.009480]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3075.015023]  __handle_mm_fault+0x3d40/0x5a40
[ 3075.019439]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3075.024285]  ? plist_check_head+0xea/0x150
[ 3075.028516]  ? plist_check_list+0xa0/0xa0
[ 3075.032665]  ? ring_buffer_record_is_on+0xe1/0x130
[ 3075.037606]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3075.042113]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3075.047487]  ? plist_check_head+0x150/0x150
[ 3075.051828]  ? schedule+0x108/0x460
[ 3075.055636]  ? handle_mm_fault+0x42a/0xc70
[ 3075.059888]  ? lock_downgrade+0x900/0x900
[ 3075.064033]  ? __do_page_fault+0xa0e/0xd10
[ 3075.068276]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3075.073203]  ? unregister_trace_event+0x3c0/0x470
[ 3075.078044]  ? lock_release+0xa10/0xa10
[ 3075.082020]  ? __do_page_fault+0x567/0xd10
[ 3075.086256]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3075.091366]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3075.097137]  ? check_preemption_disabled+0x48/0x200
[ 3075.102164]  handle_mm_fault+0x54f/0xc70
[ 3075.106234]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3075.110821]  ? find_vma+0x34/0x190
[ 3075.114364]  __do_page_fault+0x567/0xd10
[ 3075.118432]  do_page_fault+0xed/0x7d1
[ 3075.122238]  ? vmalloc_sync_all+0x30/0x30
[ 3075.126382]  ? error_entry+0x76/0xd0
[ 3075.130097]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3075.135119]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3075.139961]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3075.144992]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3075.149838]  page_fault+0x1e/0x30
[ 3075.153292] RIP: 0010:__get_user_4+0x21/0x30
[ 3075.157709] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3075.176618] RSP: 0018:ffff88018987f830 EFLAGS: 00010206
[ 3075.181989] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc900051da000
[ 3075.189255] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3075.196538] RBP: ffff88018987fb98 R08: 1ffff1003130fee3 R09: 0000000000000000
[ 3075.203811] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff1003130ff0e
[ 3075.211077] R13: ffff8801bf6cf3c0 R14: 000000008040450a R15: 0000000000000000
[ 3075.218369]  ? __might_fault+0x1a3/0x1e0
[ 3075.222443]  ? evdev_do_ioctl+0x159d/0x2180
[ 3075.226773]  ? str_to_user+0x90/0x90
[ 3075.230485]  ? do_futex+0x249/0x26d0
[ 3075.234198]  ? kasan_check_read+0x11/0x20
[ 3075.238350]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3075.243629]  ? rcu_softirq_qs+0x20/0x20
[ 3075.247600]  ? unwind_dump+0x190/0x190
[ 3075.251491]  ? exit_robust_list+0x280/0x280
[ 3075.255822]  ? __fget+0x4aa/0x740
[ 3075.259276]  ? lock_downgrade+0x900/0x900
[ 3075.263428]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3075.268365]  ? save_stack+0x43/0xd0
[ 3075.271995]  ? __kasan_slab_free+0x102/0x150
[ 3075.276408]  ? __fget+0x4d1/0x740
[ 3075.279868]  ? ksys_dup3+0x680/0x680
[ 3075.283586]  evdev_ioctl_handler+0x144/0x1a0
[ 3075.288006]  evdev_ioctl+0x27/0x30
[ 3075.291578]  ? evdev_ioctl_compat+0x30/0x30
[ 3075.295898]  do_vfs_ioctl+0x1de/0x1720
[ 3075.299790]  ? ioctl_preallocate+0x300/0x300
[ 3075.304199]  ? __fget_light+0x2e9/0x430
[ 3075.308174]  ? fget_raw+0x20/0x20
[ 3075.311638]  ? _copy_to_user+0xc8/0x110
[ 3075.315617]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3075.321158]  ? put_timespec64+0x10f/0x1b0
[ 3075.325321]  ? nsecs_to_jiffies+0x30/0x30
[ 3075.329502]  ? security_file_ioctl+0x94/0xc0
[ 3075.333938]  ksys_ioctl+0xa9/0xd0
[ 3075.337414]  __x64_sys_ioctl+0x73/0xb0
[ 3075.341304]  do_syscall_64+0x1b9/0x820
[ 3075.345206]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3075.350566]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3075.355492]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3075.360365]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3075.365392]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3075.370408]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3075.375429]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3075.380284]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3075.385469] RIP: 0033:0x457519
[ 3075.388666] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3075.407593] RSP: 002b:00007f7ee6962c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3075.415300] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3075.422569] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000006
[ 3075.429834] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3075.437098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ee69636d4
[ 3075.444364] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3075.457080] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3075.468902] *** Control State ***
04:16:31 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3075.475787] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3075.488392] EntryControls=0000d1ff ExitControls=002fefff
[ 3075.496162] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3075.503785] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3075.517281] device bridge_slave_1 left promiscuous mode
04:16:31 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000011}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3075.522978] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3075.534300] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3075.541432]         reason=80000021 qualification=0000000000000000
[ 3075.547862] IDTVectoring: info=00000000 errcode=00000000
[ 3075.553313] TSC Offset = 0xfffff98f5996c498
[ 3075.557736] EPT pointer = 0x000000010a8e401e
[ 3075.595110] device bridge_slave_0 left promiscuous mode
[ 3075.602950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3075.630287] *** Guest State ***
[ 3075.633568] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3075.642582] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3075.651798] CR3 = 0x0000000000002000
[ 3075.655519] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3075.655530] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3075.655537] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3075.655550] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3075.668765] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3075.687446] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3075.698733] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3075.706946] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3075.715042] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3075.723166] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3075.731226] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3075.739774] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3075.747819] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3075.755844] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3075.763992] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3075.772010] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3075.772535] team0 (unregistering): Port device team_slave_1 removed
[ 3075.778490] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3075.778501] Interruptibility = 00000000  ActivityState = 00000000
[ 3075.778504] *** Host State ***
[ 3075.778516] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c90df390
[ 3075.778537] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3075.792398] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3075.792409] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3075.792423] CR0=0000000080050033 CR3=000000019686c000 CR4=00000000001426f0
[ 3075.792437] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3075.792447] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3075.792451] *** Control State ***
[ 3075.792459] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3075.792466] EntryControls=0000d1ff ExitControls=002fefff
[ 3075.792477] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3075.792485] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3075.792493] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3075.792500]         reason=80000021 qualification=0000000000000000
[ 3075.792506] IDTVectoring: info=00000000 errcode=00000000
[ 3075.792518] TSC Offset = 0xfffff98e8d6fa8e2
[ 3075.801989] EPT pointer = 0x00000001a981601e
[ 3075.906553] team0 (unregistering): Port device team_slave_0 removed
[ 3075.915115] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 3075.949388] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 3075.998948] bond0 (unregistering): Released all slaves
[ 3076.402006] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3076.408481] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3076.415576] device bridge_slave_0 entered promiscuous mode
[ 3076.453737] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3076.460202] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3076.467839] device bridge_slave_1 entered promiscuous mode
[ 3076.502588] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 3076.537118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 3076.642467] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 3076.678643] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 3076.776235] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 3076.783443] team0: Port device team_slave_0 added
[ 3076.825314] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 3076.832394] team0: Port device team_slave_1 added
[ 3076.855021] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3076.894524] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3076.917878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3076.942151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3077.141843] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3077.148217] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3077.154778] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3077.161151] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3077.168524] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 3077.884572] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3077.953055] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 3078.022979] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 3078.029231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3078.036078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3078.109364] 8021q: adding VLAN 0 to HW filter on device team0
[ 3078.116890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
04:16:34 executing program 4:
listxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)=""/30, 0x1e)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = socket$bt_bnep(0x1f, 0x3, 0x4)
accept(r1, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000040)=0x80)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24937100100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x3580, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:34 executing program 5:
openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x40, 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:34 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="240f0000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3078.586235] *** Guest State ***
[ 3078.589942] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3078.606890] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3078.616260] CR3 = 0x0000000000002000
[ 3078.620383] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3078.627037] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3078.634186] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3078.643457] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3078.649787] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3078.656621] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3078.664851] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3078.673148] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000f00100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3078.681281] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3078.689411] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3078.697574] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3078.705678] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3078.714501] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3078.722723] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3078.730871] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3078.738996] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3078.745523] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3078.753088] Interruptibility = 00000000  ActivityState = 00000000
[ 3078.759394] *** Host State ***
[ 3078.762644] RIP = 0xffffffff811f9ed3  RSP = 0xffff88017bf9f390
[ 3078.768746] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3078.775168] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
04:16:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24004000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3078.782999] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3078.789031] CR0=0000000080050033 CR3=000000017be46000 CR4=00000000001426f0
[ 3078.796068] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3078.802804] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3078.810782] *** Control State ***
[ 3078.814245] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3078.820988] EntryControls=0000d1ff ExitControls=002fefff
[ 3078.826453] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:34 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xffffff8d, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:34 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000030007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3078.833446] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 3078.842499] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3078.862348]         reason=80000021 qualification=0000000000000000
[ 3078.868840] IDTVectoring: info=00000000 errcode=00000000
[ 3078.874301] TSC Offset = 0xfffff98cf82bc372
[ 3078.878751] EPT pointer = 0x00000001aaf5d01e
[ 3078.946792] *** Guest State ***
[ 3078.950131] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3078.959276] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3078.968485] CR3 = 0x0000000000002000
[ 3078.972207] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3078.986603] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3078.996320] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3079.002348] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3079.009167] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3079.015848] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3079.023859] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3079.031970] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3079.039985] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3079.048163] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3079.056124] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3079.064143] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3079.072162] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3079.080197] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3079.089087] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3079.097983] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3079.104397] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3079.104408] Interruptibility = 00000000  ActivityState = 00000000
[ 3079.104412] *** Host State ***
[ 3079.104424] RIP = 0xffffffff811f9ed3  RSP = 0xffff88011402f390
[ 3079.104447] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3079.104463] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3079.142119] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3079.148093] CR0=0000000080050033 CR3=000000010a8e4000 CR4=00000000001426e0
[ 3079.155121] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3079.161828] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3079.167916] *** Control State ***
[ 3079.171365] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3079.178080] EntryControls=0000d1ff ExitControls=002fefff
[ 3079.183547] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3079.190532] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3079.197226] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3079.203790]         reason=80000021 qualification=0000000000000000
[ 3079.210136] IDTVectoring: info=00000000 errcode=00000000
[ 3079.215597] TSC Offset = 0xfffff98cc793f41d
[ 3079.219940] EPT pointer = 0x00000001b9ff001e
[ 3079.400746] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3079.405310] CPU: 0 PID: 12290 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3079.413797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3079.423141] Call Trace:
[ 3079.425746]  dump_stack+0x244/0x3ab
[ 3079.429384]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3079.434585]  handle_userfault.cold.32+0x47/0x62
[ 3079.439252]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3079.443854]  ? rb_erase_cached+0xc78/0x3720
[ 3079.448159]  ? userfaultfd_ctx_put+0x830/0x830
[ 3079.452736]  ? _raw_spin_unlock+0x2c/0x50
[ 3079.456902]  ? free_one_page+0xcae/0x1700
[ 3079.461037]  ? rb_erase_cached+0xc78/0x3720
[ 3079.465344]  ? rb_next+0x140/0x140
[ 3079.468872]  ? find_lock_entry+0x2de/0x8e0
[ 3079.473094]  ? preempt_schedule+0x4d/0x60
[ 3079.477224]  ? ___preempt_schedule+0x16/0x18
[ 3079.481615]  ? find_get_entry+0x1120/0x1120
[ 3079.485926]  ? debug_check_no_obj_freed+0x305/0x58d
[ 3079.490926]  ? mark_held_locks+0x130/0x130
[ 3079.495150]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3079.500235]  ? mark_held_locks+0x130/0x130
[ 3079.504458]  ? mark_held_locks+0x130/0x130
[ 3079.508683]  shmem_getpage_gfp+0x3723/0x4840
[ 3079.513090]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3079.518175]  ? lock_downgrade+0x900/0x900
[ 3079.522340]  ? mark_held_locks+0x130/0x130
[ 3079.526581]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3079.531929]  ? lock_acquire+0x1ed/0x520
[ 3079.535887]  ? __update_load_avg_se+0xae0/0xae0
[ 3079.540556]  ? lock_release+0xa10/0xa10
[ 3079.544526]  ? update_load_avg+0x387/0x2470
[ 3079.548838]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3079.554185]  ? attach_entity_load_avg+0x860/0x860
[ 3079.559013]  ? __mutex_lock+0x85e/0x16f0
[ 3079.563062]  ? mark_held_locks+0x130/0x130
[ 3079.567282]  ? mutex_trylock+0x2b0/0x2b0
[ 3079.571346]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3079.576867]  ? attach_entity_load_avg+0x860/0x860
[ 3079.581697]  ? mark_held_locks+0x130/0x130
[ 3079.585926]  ? lock_downgrade+0x900/0x900
[ 3079.590065]  ? rb_erase+0x3710/0x3710
[ 3079.593866]  ? mark_held_locks+0x130/0x130
[ 3079.598083]  ? __update_load_avg_se+0xae0/0xae0
[ 3079.602738]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3079.608256]  ? xas_start+0x23d/0x740
[ 3079.611953]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3079.617475]  ? xas_descend+0x201/0x510
[ 3079.621347]  ? xa_destroy+0x4d0/0x4d0
[ 3079.625131]  ? attach_entity_load_avg+0x860/0x860
[ 3079.629958]  ? freezer_fork+0x376/0x600
[ 3079.633922]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3079.639441]  ? xas_load+0x43/0x1e0
[ 3079.642967]  ? filemap_map_pages+0xd11/0x19b0
[ 3079.647450]  ? lock_downgrade+0x900/0x900
[ 3079.651604]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3079.656551]  ? cpuacct_charge+0x265/0x440
[ 3079.660728]  ? filemap_map_pages+0xd38/0x19b0
[ 3079.665208]  ? mark_held_locks+0x130/0x130
[ 3079.669429]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3079.674952]  ? find_get_entries_tag+0x1400/0x1400
[ 3079.679790]  ? update_load_avg+0x2470/0x2470
[ 3079.684185]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3079.689715]  ? check_preemption_disabled+0x48/0x200
[ 3079.694740]  ? __perf_event_task_sched_out+0x33a/0x1bf0
[ 3079.700100]  ? pick_next_task_fair+0xa05/0x1b30
[ 3079.704769]  ? rcu_qs+0x23/0x110
[ 3079.708126]  shmem_fault+0x25f/0x960
[ 3079.711828]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3079.717354]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3079.722615]  ? perf_sched_cb_inc+0x350/0x350
[ 3079.727015]  __do_fault+0x100/0x6b0
[ 3079.730625]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3079.735749]  ? kasan_check_read+0x11/0x20
[ 3079.739883]  ? mark_held_locks+0x130/0x130
[ 3079.744100]  ? mark_held_locks+0x130/0x130
[ 3079.748318]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3079.753838]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3079.759361]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3079.764886]  __handle_mm_fault+0x3d40/0x5a40
[ 3079.769281]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3079.774108]  ? __switch_to_asm+0x34/0x70
[ 3079.778148]  ? __switch_to_asm+0x40/0x70
[ 3079.782188]  ? __switch_to_asm+0x34/0x70
[ 3079.786232]  ? __switch_to_asm+0x40/0x70
[ 3079.790275]  ? __switch_to_asm+0x34/0x70
[ 3079.794315]  ? __switch_to_asm+0x40/0x70
[ 3079.798376]  ? __schedule+0x8d7/0x21d0
[ 3079.802276]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3079.806776]  ? tracing_record_taskinfo_skip+0x145/0x1a0
[ 3079.812123]  ? trace_find_filtered_pid.part.59+0x50/0x50
[ 3079.817578]  ? handle_mm_fault+0x42a/0xc70
[ 3079.821798]  ? lock_downgrade+0x900/0x900
[ 3079.825928]  ? __do_page_fault+0xa0e/0xd10
[ 3079.830152]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3079.835083]  ? unregister_trace_event+0x3c0/0x470
[ 3079.839910]  ? lock_release+0xa10/0xa10
[ 3079.843868]  ? __do_page_fault+0x567/0xd10
[ 3079.848089]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3079.853178]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3079.858737]  ? check_preemption_disabled+0x48/0x200
[ 3079.863769]  handle_mm_fault+0x54f/0xc70
[ 3079.867858]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3079.872451]  ? find_vma+0x34/0x190
[ 3079.875981]  __do_page_fault+0x567/0xd10
[ 3079.880043]  do_page_fault+0xed/0x7d1
[ 3079.883835]  ? vmalloc_sync_all+0x30/0x30
[ 3079.887967]  ? error_entry+0x76/0xd0
[ 3079.891672]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3079.896687]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3079.901533]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3079.906540]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3079.911367]  page_fault+0x1e/0x30
[ 3079.914806] RIP: 0010:__get_user_4+0x21/0x30
[ 3079.919201] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3079.938085] RSP: 0018:ffff880173a07830 EFLAGS: 00010206
[ 3079.943445] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc900051da000
[ 3079.950695] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3079.957957] RBP: ffff880173a07b98 R08: 1ffff1002e740ee3 R09: 0000000000000000
[ 3079.966694] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff1002e740f0e
[ 3079.973970] R13: ffff8801875488c0 R14: 000000008040450a R15: 0000000000000000
[ 3079.981256]  ? __might_fault+0x1a3/0x1e0
[ 3079.985306]  ? evdev_do_ioctl+0x159d/0x2180
[ 3079.989613]  ? str_to_user+0x90/0x90
[ 3079.993321]  ? do_futex+0x249/0x26d0
[ 3079.997030]  ? kasan_check_read+0x11/0x20
[ 3080.001177]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3080.006442]  ? rcu_softirq_qs+0x20/0x20
[ 3080.010415]  ? unwind_dump+0x190/0x190
[ 3080.014289]  ? exit_robust_list+0x280/0x280
[ 3080.018598]  ? __fget+0x4aa/0x740
[ 3080.022050]  ? lock_downgrade+0x900/0x900
[ 3080.026185]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3080.031097]  ? save_stack+0x43/0xd0
[ 3080.034730]  ? __kasan_slab_free+0x102/0x150
[ 3080.039123]  ? __fget+0x4d1/0x740
[ 3080.042560]  ? ksys_dup3+0x680/0x680
[ 3080.046262]  evdev_ioctl_handler+0x144/0x1a0
[ 3080.050655]  evdev_ioctl+0x27/0x30
[ 3080.054177]  ? evdev_ioctl_compat+0x30/0x30
[ 3080.058501]  do_vfs_ioctl+0x1de/0x1720
[ 3080.062376]  ? ioctl_preallocate+0x300/0x300
[ 3080.066778]  ? __fget_light+0x2e9/0x430
[ 3080.070756]  ? fget_raw+0x20/0x20
[ 3080.074192]  ? _copy_to_user+0xc8/0x110
[ 3080.078155]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3080.083677]  ? put_timespec64+0x10f/0x1b0
[ 3080.087822]  ? nsecs_to_jiffies+0x30/0x30
[ 3080.091955]  ? security_file_ioctl+0x94/0xc0
[ 3080.096351]  ksys_ioctl+0xa9/0xd0
[ 3080.099813]  __x64_sys_ioctl+0x73/0xb0
[ 3080.103686]  do_syscall_64+0x1b9/0x820
[ 3080.107577]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3080.112925]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3080.117851]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3080.122678]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3080.127688]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3080.132733]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3080.137558]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3080.142732] RIP: 0033:0x457519
[ 3080.145910] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3080.164794] RSP: 002b:00007f7ee6962c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3080.172489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3080.179756] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000004
[ 3080.187014] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3080.194275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ee69636d4
[ 3080.201528] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
04:16:37 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xa0010000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="242000a0000007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:37 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:37 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:37 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000100), &(0x7f00000001c0)=0x68)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x201, 0x0)
ioctl$KVM_GET_SREGS(r3, 0x8138ae83, &(0x7f0000000200))
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:37 executing program 4:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300)='/dev/rtc0\x00', 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x7, 0x31, r0, 0x1000000)
r1 = userfaultfd(0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x800, 0x100)
ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000080)={0xc153, 0x7ff})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000002c0), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x9, 0xffffffffffffffff)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2fae5125666f0dd1cecf75f740d27e3b3160adfa1ba5b16aebed7eec5f232c27a13ff42a6b633d2ac9e0fc1cebf94ea788ef5a8c7f2da016ec387bf5c95a4689e87b0300000000000000df2c347a82288b5841c3490a330210c0c8e9b06b98d4f2d1a43d3cb40c89742514920802e71917e3df98ba8086df324d6a598512504c1cf9f5b8f91c4ee423cf6329efcf9a021bb4686e850c32e3d854ae3cabd796b60939a06ccbc21f579626d524d4f90000000000000000000000823ff19f579f717822ec6137a22e6dccaae7d13d346af5a3b31d50189d0f222a38e1289248a53debe9b5ca98ef9309e201c3c154e911a4d46c2b2c84d4060c9eb0159886e775e8eae3ce056c4cc421e5314d70bccc0190948fb3491ca249fc03093f70caa8c57bc460042df7101fd917ad50f503e1d0fbafdfd79ad2d8f2c1b3", @ANYRES16=r4, @ANYBLOB="040180000000fddbdf250b000000080004000100000008000500fbffffff0800040004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20044050)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000240)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000280)={0x5, 0x407, 0x0, 0xbcf1, 0x7fff, 0xc52, 0x2, 0x5, 0x0, 0x9, 0xbb})

04:16:37 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xfffffffffffffffe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
keyctl$session_to_parent(0x12)

04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24030000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3081.692149] *** Guest State ***
[ 3081.696406] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3081.706119] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3081.715161] CR3 = 0x0000000000002000
[ 3081.719759] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3081.726427] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3081.733250] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24f00000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3081.740244] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3081.746627] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3081.753664] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3081.767003] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3081.777859] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3081.787382] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3081.795781] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3081.804402] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3081.812944] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3081.821085] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3081.829625] IDTR:                           limit=0x000001ff, base=0x0000000000003800
04:16:37 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x2000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000300100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3081.838084] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3081.856876] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3081.864514] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3081.879911] Interruptibility = 00000000  ActivityState = 00000000
[ 3081.886643] *** Host State ***
[ 3081.890265] RIP = 0xffffffff811f9ed3  RSP = 0xffff880183fdf390
[ 3081.896349] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3081.903078] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3081.911564] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3081.917604] CR0=0000000080050033 CR3=00000001a5daf000 CR4=00000000001426e0
[ 3081.924802] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3081.931884] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3081.937998] *** Control State ***
04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="2400f000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3081.941549] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3081.948247] EntryControls=0000d1ff ExitControls=002fefff
[ 3081.953720] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3081.960806] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 3081.967760] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3081.974503]         reason=80000021 qualification=0000000000000000
[ 3081.980878] IDTVectoring: info=00000000 errcode=00000000
[ 3081.986338] TSC Offset = 0xfffff98b53f4721c
04:16:37 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3081.990733] EPT pointer = 0x0000000133f5b01e
04:16:37 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24003f00100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3082.050820] *** Guest State ***
[ 3082.054102] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3082.072045] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3082.081184] CR3 = 0x0000000000002000
[ 3082.085317] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3082.092138] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3082.099000] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3082.104982] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3082.104999] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3082.105013] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3082.105033] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.105053] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.105070] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000070007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3082.134278] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.158163] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.166137] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3082.195421] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3082.206039] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3082.214083] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3082.222797] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3082.229267] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3082.236879] Interruptibility = 00000000  ActivityState = 00000000
[ 3082.243104] *** Host State ***
[ 3082.246286] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c7857390
[ 3082.252316] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3082.258792] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3082.266612] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3082.272538] CR0=0000000080050033 CR3=00000001a5daf000 CR4=00000000001426f0
[ 3082.279578] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3082.286234] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3082.292349] *** Control State ***
[ 3082.295803] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3082.302484] EntryControls=0000d1ff ExitControls=002fefff
[ 3082.307991] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3082.314903] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3082.321586] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3082.328532]         reason=80000021 qualification=0000000000000000
[ 3082.334838] IDTVectoring: info=00000000 errcode=00000000
[ 3082.340314] TSC Offset = 0xfffff98b1d3a54b9
[ 3082.344670] EPT pointer = 0x0000000100d2e01e
04:16:38 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:38 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x2000, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f0000000100)=0x3)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000cb3000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:38 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x88470000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:38 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x110000e000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24020000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:38 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xffffffffffffffff, 0x100010, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0)
mremap(&(0x7f000040f000/0x3000)=nil, 0x3000, 0x2000, 0x2, &(0x7f0000674000/0x2000)=nil)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24719300100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3082.576037] *** Guest State ***
[ 3082.579666] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3082.590525] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3082.599811] CR3 = 0x0000000000002000
[ 3082.603860] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3082.612970] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3082.620043] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:38 executing program 5:
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0xfffffffffffe, 0xffffffffffffffff)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:38 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80000, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000100)=""/188)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3082.626160] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3082.632400] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3082.639691] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3082.649434] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.662040] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000300100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3082.676886] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.707543] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.718717] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3082.727249] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3082.735757] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3082.744516] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3082.752673] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3082.760742] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3082.767324] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
04:16:38 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="240000f0100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:38 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xd00, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3082.774781] Interruptibility = 00000000  ActivityState = 00000000
[ 3082.781065] *** Host State ***
[ 3082.784283] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010b047390
[ 3082.790742] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3082.797206] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3082.805013] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3082.811349] CR0=0000000080050033 CR3=000000011e3c6000 CR4=00000000001426e0
[ 3082.824225] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3082.832799] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3082.840798] *** Control State ***
[ 3082.844260] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3082.850944] EntryControls=0000d1ff ExitControls=002fefff
[ 3082.856402] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3082.863710] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3082.870406] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3082.877122]         reason=80000021 qualification=0000000000000000
[ 3082.883469] IDTVectoring: info=00000000 errcode=00000000
[ 3082.889874] TSC Offset = 0xfffff98ad5b51a51
[ 3082.894211] EPT pointer = 0x00000001af3aa01e
04:16:39 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000040100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100004000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x6, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24007193100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3083.337396] *** Guest State ***
[ 3083.340830] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3083.354722] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3083.363905] CR3 = 0x0000000000002000
[ 3083.368082] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3083.374914] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3083.381718] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000003100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3083.388654] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3083.394617] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3083.401313] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3083.409326] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3083.417392] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3083.426157] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x500000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3083.434275] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3083.447294] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3083.458047] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3083.466772] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3083.474769] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3083.483442] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3083.491513] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3083.506640] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3083.514308] Interruptibility = 00000000  ActivityState = 00000000
[ 3083.521052] *** Host State ***
[ 3083.524359] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a5cd7390
[ 3083.530629] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3083.537301] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3083.545105] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3083.551114] CR0=0000000080050033 CR3=00000001c04a2000 CR4=00000000001426e0
[ 3083.558183] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3083.564879] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3083.570964] *** Control State ***
[ 3083.574418] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3083.581100] EntryControls=0000d1ff ExitControls=002fefff
04:16:39 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="2400003f100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3083.586549] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3083.593507] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3083.600226] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3083.606851]         reason=80000021 qualification=0000000000000000
[ 3083.613178] IDTVectoring: info=00000000 errcode=00000000
[ 3083.618653] TSC Offset = 0xfffff98a71b6fef5
[ 3083.622997] EPT pointer = 0x00000001c7b7601e
04:16:39 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x42c081, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x2})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:39 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:39 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x2)
sigaltstack(&(0x7f000022d000/0x3000)=nil, &(0x7f0000000000))
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000140))
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000180))
r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x3bb, 0x2000)
ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000080)=0x10001)
r3 = syz_open_dev$evdev(&(0x7f0000000280)='/dev/input/event#\x00', 0x24, 0x0)
ioctl$TIOCLINUX2(r1, 0x541c, &(0x7f00000001c0)={0x2, 0xc5e, 0x1, 0x2, 0x8, 0x5})
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:39 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x3000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24009371100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:40 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = socket$inet(0x2, 0x800, 0x6)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @broadcast}, 0x10)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:40 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x0, 0x101000)
write$FUSE_GETXATTR(r2, &(0x7f0000000080)={0x18, 0x0, 0x5}, 0x18)
ioctl(r1, 0x8912, &(0x7f0000000100)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:40 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:40 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x1000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000200100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000400100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3084.270424] *** Guest State ***
[ 3084.273839] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3084.283116] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3084.292648] CR3 = 0x0000000000002000
[ 3084.296446] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3084.303276] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3084.310610] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3084.317453] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3084.323635] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3084.331001] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3084.339485] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.347601] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.355589] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="2400000f100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:40 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8000a0, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3084.363744] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.371830] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.393820] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3084.404363] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="2400f000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3084.426910] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3084.435026] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3084.443805] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3084.457097] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3084.465638] Interruptibility = 00000000  ActivityState = 00000000
[ 3084.472329] *** Host State ***
[ 3084.475835] RIP = 0xffffffff811f9ed3  RSP = 0xffff880187fcf390
[ 3084.482147] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3084.489364] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3084.497444] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3084.503511] CR0=0000000080050033 CR3=00000001cf0d3000 CR4=00000000001426f0
[ 3084.510839] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3084.517968] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3084.524019] *** Control State ***
04:16:40 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000f00100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3084.527527] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3084.534197] EntryControls=0000d1ff ExitControls=002fefff
[ 3084.539811] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3084.546794] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3084.553457] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3084.560092]         reason=80000021 qualification=0000000000000000
[ 3084.566410] IDTVectoring: info=00000000 errcode=00000000
[ 3084.571906] TSC Offset = 0xfffff989efe52352
04:16:40 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3084.577810] EPT pointer = 0x00000001bc72c01e
[ 3084.629867] *** Guest State ***
[ 3084.633669] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3084.651541] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3084.661025] CR3 = 0x0000000000002000
[ 3084.664762] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3084.671310] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3084.677863] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3084.677874] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3084.677889] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3084.677901] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3084.677921] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.677939] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.677956] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.677973] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.677991] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3084.678004] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3084.678023] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3084.678037] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3084.690027] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3084.690038] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3084.690055] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3084.745111] Interruptibility = 00000000  ActivityState = 00000000
[ 3084.761038] *** Host State ***
[ 3084.800214] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801be567390
[ 3084.806186] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3084.813146] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3084.821003] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3084.826926] CR0=0000000080050033 CR3=00000001cf0d3000 CR4=00000000001426e0
[ 3084.833942] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3084.840656] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3084.846954] *** Control State ***
[ 3084.850399] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3084.857106] EntryControls=0000d1ff ExitControls=002fefff
[ 3084.862565] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3084.869585] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3084.876254] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3084.882869]         reason=80000021 qualification=0000000000000000
[ 3084.889204] IDTVectoring: info=00000000 errcode=00000000
[ 3084.894635] TSC Offset = 0xfffff989bb1a7495
[ 3084.898990] EPT pointer = 0x00000001ac30901e
04:16:40 executing program 4:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x7ffc})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000070007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:41 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x11000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:41 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x41000000000002, 0x800)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x10002102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x800, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000000200)=""/170)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x4100, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x1, 0x4}}, 0x30)
r5 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x8, 0x2a01)
ioctl$EVIOCGABS2F(r5, 0x8018456f, &(0x7f00000002c0)=""/9)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:41 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0xdd, 0x214041)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)="697085677265f4d033ae001400", 0xffffff43)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x126b, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x202c00, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000090007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.247082] *** Guest State ***
[ 3085.250646] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3085.260778] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3085.274784] CR3 = 0x0000000000002000
[ 3085.278997] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3085.285512] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000030007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.292070] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3085.298309] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3085.304295] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3085.311606] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3085.320089] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.328143] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.336117] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.344205] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.352251] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.360599] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3085.368612] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3085.376588] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3085.384588] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3085.392591] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3085.399021] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3085.406517] Interruptibility = 00000000  ActivityState = 00000000
[ 3085.412771] *** Host State ***
[ 3085.415965] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c48bf390
[ 3085.421969] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3085.428393] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3085.436172] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000004100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.442079] CR0=0000000080050033 CR3=00000001bb0a0000 CR4=00000000001426e0
[ 3085.449669] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3085.456337] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3085.462628] *** Control State ***
[ 3085.466091] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3085.472798] EntryControls=0000d1ff ExitControls=002fefff
[ 3085.478282] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3085.485217] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
04:16:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3085.492324] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3085.499356]         reason=80000021 qualification=0000000000000000
[ 3085.505844] IDTVectoring: info=00000000 errcode=00000000
[ 3085.511365] TSC Offset = 0xfffff9896c438641
[ 3085.515687] EPT pointer = 0x000000011409e01e
04:16:41 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000003100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.596926] *** Guest State ***
[ 3085.600339] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3085.609781] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3085.624691] CR3 = 0x0000000000002000
[ 3085.628537] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3085.635066] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3085.641597] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3085.647611] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3085.653582] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3085.660310] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3085.668348] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.676319] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.684321] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.692316] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.700321] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3085.708310] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3085.716268] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3085.724266] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3085.732276] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3085.740266] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="2400000f100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.746933] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3085.754370] Interruptibility = 00000000  ActivityState = 00000000
[ 3085.760672] *** Host State ***
[ 3085.763892] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801c48bf390
[ 3085.769952] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3085.776405] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3085.784253] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3085.790871] CR0=0000000080050033 CR3=00000001bb0a0000 CR4=00000000001426e0
[ 3085.797994] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3085.805075] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3085.811800] *** Control State ***
[ 3085.815259] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3085.822009] EntryControls=0000d1ff ExitControls=002fefff
[ 3085.827519] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3085.834472] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3085.841165] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:41 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3085.847767]         reason=80000021 qualification=0000000000000000
[ 3085.854078] IDTVectoring: info=00000000 errcode=00000000
[ 3085.859561] TSC Offset = 0xfffff9893b6159ba
[ 3085.863895] EPT pointer = 0x000000010241f01e
04:16:41 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000002100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3085.927325] *** Guest State ***
[ 3085.931131] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3085.940360] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3085.949717] CR3 = 0x0000000000002000
[ 3085.953648] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3085.960327] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3085.967496] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:41 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3085.976884] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3085.991541] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3086.006993] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3086.017999] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.025987] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.026005] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.026022] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.053113] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.061812] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3086.069983] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3086.078096] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3086.086072] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3086.094983] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3086.101569] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3086.109111] Interruptibility = 00000000  ActivityState = 00000000
[ 3086.115344] *** Host State ***
[ 3086.118582] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a6307390
04:16:42 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101000, 0x0)
connect$unix(r2, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3086.124561] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3086.130989] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3086.138802] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3086.148603] CR0=0000000080050033 CR3=00000001c2efb000 CR4=00000000001426e0
[ 3086.155635] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3086.163568] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3086.169766] *** Control State ***
[ 3086.174803] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3086.181892] EntryControls=0000d1ff ExitControls=002fefff
[ 3086.187599] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3086.194599] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3086.201403] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3086.208111]         reason=80000021 qualification=0000000000000000
04:16:42 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x102, 0x18d)
accept4$inet6(r0, &(0x7f0000000380), &(0x7f00000003c0)=0x1c, 0x800)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:42 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x220000, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f00000001c0)={0x10001, 0xb, 0x4, 0x9, "8d7908c325a1b28f4b17148037ef1bf4719b8fd519ee6df71a4d9c250a261a44"})
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x200000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000100)={0xfffffffffffffffd, 0x0, {0x3, 0x2, 0x9, 0x3, 0x2}})
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x108000, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
socket$kcm(0x29, 0x5, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

04:16:42 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8dffffff, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000070007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3086.226815] IDTVectoring: info=00000000 errcode=00000000
[ 3086.232949] TSC Offset = 0xfffff9890a901eaf
[ 3086.237346] EPT pointer = 0x0000000133de201e
04:16:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000090007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:42 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000030007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3086.427635] *** Guest State ***
[ 3086.431131] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3086.441261] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3086.450518] CR3 = 0x0000000000002000
[ 3086.454465] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3086.461591] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3086.468369] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:42 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x8906000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3086.474501] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3086.480650] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3086.488299] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3086.496336] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.504806] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.513016] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100f07031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3086.527727] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.544635] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3086.554568] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3086.563618] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3086.571850] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3086.580745] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3086.588930] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3086.595429] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3086.602959] Interruptibility = 00000000  ActivityState = 00000000
[ 3086.609247] *** Host State ***
[ 3086.612439] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801a5cd7390
[ 3086.618724] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3086.625154] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3086.633005] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3086.638988] CR0=0000000080050033 CR3=000000011bfb0000 CR4=00000000001426f0
[ 3086.646610] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3086.653332] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3086.659430] *** Control State ***
[ 3086.662876] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3086.669558] EntryControls=0000d1ff ExitControls=002fefff
[ 3086.675011] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3086.681958] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3086.688868] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3086.695430]         reason=80000021 qualification=0000000000000000
[ 3086.701824] IDTVectoring: info=00000000 errcode=00000000
[ 3086.707294] TSC Offset = 0xfffff988c995a8a0
[ 3086.711607] EPT pointer = 0x00000001b958801e
04:16:42 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:42 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100207031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000100))

04:16:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d0000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:45 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0xd000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100407031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:45 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:45 executing program 5:
socket$l2tp(0x18, 0x1, 0x1)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140), 0x4)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x8000, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L+', 0x800}, 0x28, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x40000000000, 0x4b0000)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:45 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xb0, 0xef, &(0x7f0000000100)="d89c2ab2d10fa92f700aa7c04d3ea2bfd4445393301b8615ea6b11d39ef0d08ebec2c57a8b99946dcae6313015748d5cb58d31d852930203b7541dc4e6a906c3d2a21c38e07e4335663f74fa7f255891190137ac776c544bb2078d5575970c6cd87727f7266dc08dff6f6626c12f6f3658389ea3dcf867bca93545002161a85ca3c67d5e6e32f95d569f9904c770afb981e8f63af472548d2cee58264786d583d440a3f684a0bfd84183705e9ef3847b", &(0x7f00000001c0)=""/239, 0x1}, 0x28)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100307031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3089.436303] *** Guest State ***
[ 3089.446904] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3089.457226] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3089.466287] CR3 = 0x0000000000002000
[ 3089.471474] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3089.478834] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:45 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x210a001ff8, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3089.485394] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3089.491630] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3089.497679] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3089.504456] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3089.527995] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
userfaultfd(0x80800)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0)
ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000100))
ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000080))

04:16:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100010031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3089.536051] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.555463] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:45 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x3000000000000000, @local, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3089.596287] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.605900] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.614917] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3089.624575] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3089.633848] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3089.644233] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3089.652330] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3089.658830] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3089.666273] Interruptibility = 00000000  ActivityState = 00000000
[ 3089.672692] *** Host State ***
[ 3089.675961] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801cc8c7390
[ 3089.682151] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3089.688620] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3089.696423] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3089.702444] CR0=0000000080050033 CR3=00000001bf552000 CR4=00000000001426f0
[ 3089.709543] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3089.716841] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3089.723596] *** Control State ***
[ 3089.729777] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3089.736597] EntryControls=0000d1ff ExitControls=002fefff
04:16:45 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000bc9000/0x1000)=nil, 0x1000}, 0x2})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:45 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:45 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000100)=[@in6={0xa, 0x4e22, 0x5, @mcast1, 0x1ff}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e24, @broadcast}, @in6={0xa, 0x4e21, 0x400, @loopback}, @in={0x2, 0x4e23, @multicast1}], 0x68)

04:16:45 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007021dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3089.742467] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3089.753178] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3089.760797] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3089.767750]         reason=80000021 qualification=0000000000000000
[ 3089.774225] IDTVectoring: info=00000000 errcode=00000000
[ 3089.780017] TSC Offset = 0xfffff9872d3a947f
[ 3089.789945] EPT pointer = 0x00000001c7bce01e
[ 3089.877352] *** Guest State ***
[ 3089.881137] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3089.890560] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3089.899865] CR3 = 0x0000000000002000
[ 3089.903694] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3089.910556] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3089.917468] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3089.923454] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3089.930078] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3089.936792] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3089.945064] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.953871] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.962079] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.970101] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.978113] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3089.986077] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3089.994132] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3090.002137] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3090.010140] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3090.018181] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3090.024578] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3090.032048] Interruptibility = 00000000  ActivityState = 00000000
[ 3090.038293] *** Host State ***
[ 3090.041482] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801be567390
[ 3090.047532] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3090.053948] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3090.061789] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3090.067744] CR0=0000000080050033 CR3=000000011bb4d000 CR4=00000000001426f0
[ 3090.074764] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3090.081462] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3090.087571] *** Control State ***
[ 3090.091032] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3090.097763] EntryControls=0000d1ff ExitControls=002fefff
[ 3090.103223] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3090.110170] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3090.116859] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:46 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x6]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830f20200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:46 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3090.123418]         reason=80000021 qualification=0000000000000000
[ 3090.129771] IDTVectoring: info=00000000 errcode=00000000
[ 3090.135230] TSC Offset = 0xfffff986ee8ee266
[ 3090.139579] EPT pointer = 0x00000001d8fc901e
04:16:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000080}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3090.232808] *** Guest State ***
[ 3090.236133] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3090.245332] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3090.254807] CR3 = 0x0000000000002000
[ 3090.259429] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3090.266035] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3090.272655] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3090.278665] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3090.284650] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3090.284663] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3090.284698] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.284724] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.284740] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.299517] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.299535] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.342387] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3090.350408] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3090.358518] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3090.366504] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3090.374611] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3090.381063] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3090.388542] Interruptibility = 00000000  ActivityState = 00000000
[ 3090.394775] *** Host State ***
[ 3090.398010] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801be567390
[ 3090.403988] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3090.410419] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3090.418258] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3090.424143] CR0=0000000080050033 CR3=000000018e11c000 CR4=00000000001426e0
[ 3090.431198] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3090.437880] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3090.443922] *** Control State ***
[ 3090.447411] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3090.454081] EntryControls=0000d1ff ExitControls=002fefff
[ 3090.459620] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3090.466550] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3090.473744] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830220200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x110000e0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3090.480376]         reason=80000021 qualification=0000000000000000
[ 3090.487848] IDTVectoring: info=00000000 errcode=00000000
[ 3090.493305] TSC Offset = 0xfffff986bb99141f
[ 3090.497662] EPT pointer = 0x00000001c90e001e
04:16:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:46 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xa00]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x10000002})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830420200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
r1 = getpid()
ptrace$getsig(0x4202, r1, 0xffffffffffff7fff, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'bpq0\x00', {0x2, 0x4e20, @remote}})
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3090.649048] *** Guest State ***
[ 3090.652750] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3090.662041] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3090.671758] CR3 = 0x0000000000002000
[ 3090.688971] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3090.702128] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3090.722405] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3090.731181] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3090.737606] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3090.744412] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
04:16:46 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x300]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3090.752656] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.760745] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.768809] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.776858] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.785199] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3090.793758] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3090.803859] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3090.811918] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3090.811978] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3090.835966] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:46 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000200)=ANY=[])
mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1'])
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
syz_mount_image$vfat(&(0x7f00000004c0)='vfat\x00', &(0x7f0000000500)='./file0/file0\x00', 0x0, 0x0, &(0x7f0000000780), 0x0, &(0x7f0000000800))
rmdir(&(0x7f0000000080)='./file0\x00')
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x204600, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830320200a0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3090.847230] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3090.854908] Interruptibility = 00000000  ActivityState = 00000000
[ 3090.861330] *** Host State ***
[ 3090.864850] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801240bf390
[ 3090.871070] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3090.880552] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3090.889624] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3090.899275] CR0=0000000080050033 CR3=000000016a801000 CR4=00000000001426f0
[ 3090.907885] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3090.914723] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3090.929789] *** Control State ***
[ 3090.933640] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3090.940951] EntryControls=0000d1ff ExitControls=002fefff
[ 3090.946572] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3090.954073] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3090.961732] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size.
[ 3090.963923] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3090.977827]         reason=80000021 qualification=0000000000000000
[ 3090.984765] IDTVectoring: info=00000000 errcode=00000000
[ 3090.990341] TSC Offset = 0xfffff98683f8e3ed
[ 3090.994691] EPT pointer = 0x00000001d5bc701e
04:16:46 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0f0000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:46 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x80e40, 0x0)
ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000100)=""/101)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:46 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0ffffffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:46 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200b0009000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3091.050028] Unknown ioctl -2145893009
04:16:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8848]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0003000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3091.137103] *** Guest State ***
[ 3091.142880] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3091.172594] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3091.181894] CR3 = 0x0000000000002000
[ 3091.188077] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3091.194783] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3091.203019] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3091.203104] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3091.210439] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3091.223846] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3091.230685] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3091.239183] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.247413] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.255467] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.263604] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3091.272146] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.280167] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.288186] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3091.296144] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3091.304177] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3091.312198] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3091.320547] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3091.327174] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0209000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3091.334785] Interruptibility = 00000000  ActivityState = 00000000
[ 3091.341164] *** Host State ***
[ 3091.344456] RIP = 0xffffffff811f9ed3  RSP = 0xffff880187fcf390
[ 3091.350540] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3091.357032] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3091.364833] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3091.370775] CR0=0000000080050033 CR3=00000001ce497000 CR4=00000000001426e0
[ 3091.378242] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3091.385080] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3091.391519] *** Control State ***
[ 3091.395142] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3091.402077] EntryControls=0000d1ff ExitControls=002fefff
[ 3091.407605] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3091.414543] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3091.421262] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3091.427857]         reason=80000021 qualification=0000000000000000
[ 3091.434161] IDTVectoring: info=00000000 errcode=00000000
04:16:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3091.439658] TSC Offset = 0xfffff98645f45058
[ 3091.444002] EPT pointer = 0x00000001a4fff01e
04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0409000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x800000000000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3091.547068] *** Guest State ***
[ 3091.550528] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3091.559680] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3091.568732] CR3 = 0x0000000000002000
[ 3091.574987] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3091.581552] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3091.588144] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3091.594118] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3091.600125] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3091.607332] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3091.615351] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.623398] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.631947] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.640000] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.648309] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3091.656279] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3091.664313] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3091.672309] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3091.680327] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3091.688371] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3091.694765] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3091.702249] Interruptibility = 00000000  ActivityState = 00000000
[ 3091.708506] *** Host State ***
[ 3091.711685] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801cc8c7390
[ 3091.717730] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3091.724141] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3091.732087] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3091.738039] CR0=0000000080050033 CR3=00000001ce497000 CR4=00000000001426e0
[ 3091.738055] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3091.738066] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3091.738070] *** Control State ***
[ 3091.738078] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3091.738093] EntryControls=0000d1ff ExitControls=002fefff
[ 3091.751800] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3091.751809] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3091.751818] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3091.751826]         reason=80000021 qualification=0000000000000000
[ 3091.751832] IDTVectoring: info=00000000 errcode=00000000
[ 3091.751837] TSC Offset = 0xfffff9860e414dab
[ 3091.751845] EPT pointer = 0x0000000114ae201e
[ 3091.765258] Unknown ioctl -2145893009
04:16:47 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0309000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:47 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x2]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:47 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
unlink(&(0x7f0000000040)='./file0\x00')
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:47 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000a0]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0f09000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:47 executing program 4:
r0 = accept$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x4003d, r0, 0x0)
r1 = userfaultfd(0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x2})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000380)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f0000000300)=""/43)
r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000680)="c13239a457cf7f3da166112b567c7397884be996e4d1d690df2f927cba665ace64723a8737c2b6b7126f9fdc68440aacdea419719164183ef2c40b0e481486866e99e998cd130395a42e8f822528a4c3828736abbdcf780c358acca6bad6c7645c709e25b2ab648f0ce4a66a948ee308a6ed1bcd6c9dac76351aae3a5c563ff8f2c5cb048542cb30224a3bf1407c88449e4469116a2d6bedf9ab88a1de8ae32f12e71a1b1e612b0bb5c2c7df2113badc3cf2a22c62cea24f6345ab3895eb02b1828d4319df1632da30b209d9bbcee21210193ff9bf3a12c210840198fe413f2f3010d2bf1626b34b7f83f0622d7a11a78312f811e66dd8161967b40672ca42e515f8e43a476a4ea6dbc7e24147fdb4bf55f001f9661494033bcb13e37f2429e4b2775bde60d7f67854cc262b742fe1086cb2c58d16474c769cbc5502bb767ba78eb28b3221fd9b4c21463c78af7d65884aa06567fba8a6c9ce5d6a9aff104bbd9ed2b7d27fe062237edcbb19898e1a5417ff80a958ba7fe26fbc5b04f0fca8c432a1f4714511e135ff8be33c560e251646297a0d97ca3f618994b06b09fdb6eb7d27f43d64ed30ad589e602048dc0965a736df63be9bbf28e82aa285fda10a9ca59bfa6c19f7716f34e2f45f974fc6eb52a11d7d5197981194e90de6d1a0d5385901357a87ea289ee459fb1c74e2f118e6309424261441a4749bc0d0c6a6663d255a1f7540f0a3b671a9b7fcfe8f273ba9e30f2b9d5c995dd1381108403d75a66f165edd3d9b7ebeea8a51e37a2f3cd6f0a812a9305db6168ba4d2450fd781d03deee25a48e43ff47a2b30c1cccb01242c1c91e336e13f0b2b67810cf7f5c526bb8445bc377ae64830e089c11672a7d40888689ba3557042531059767fe35d7ec75286b86b0e7292520f99c349faa887684b1285d55e50d3fa0b9a2b50dc9493af30c247209b60e4901917d694adc13972b3d3b10cddf9653725441bf60f4166d5465b910f222bcc0d8f953614e0a9b189c1696709c56da68ae21c51b6d648b9b11ea6a2bf1cc7bb5bcfda4e625ae5737dc3129fa8f3d7214a6cfad9a7571103ff014cb386511ff6663c7ae1e38183a230c7878143e24007fb1ce14de80041a9c8edfdee41d037c910da12cdd6224f86c0af101d17505d8e43ec224f25b95e6ce7c26829d0e4a8369a7c06ffc0217f05e23500c8c820fb595b2e31a38b0eb1171d1157d94e84871bd30ea9c809abb51b17bc7eacd1cc7e211444c408e640575a4c6467c8739acec50e793ccda660ecca318cdf9d00b8840e4ea712553ac4a13639f47e338371aa711a36844aa8b565df341498bdefc7642e42fbb316e6df6a600b298652916f007842f33ecea91064596656efb44c8e059b8968938532bda5db527d32ae79eafb6d326d1f7360dbec8ee32b2c3e6dff7e514f0c3be34c1945629b7100778dd9a030bfaa8c43b6b0bcb939de640a4e457a072008c17882ee1d293e2b33a179b45275e9f07c799cafec934ae66a4e85dae1cbb21dc0e36dab5ba987f52a970740ef41e83e08963116d1459c7ce78f3d11881dd15a4ccda6265ea46002ab40b96bd76c02132b2f33b34a5afb2c3cf436e7e25954e416ea057f522531769abb474f8a68ac65273e37221747035f0e972529b15969e1bf4ca5283029b913e7288240acfe3a7f69de203ce9ce53cbd8b415c37cd6d99b427b406ddc216479d1d038d60f940eccbcca898eb473e974c52aa802b154899b69bdb2068e2babec0f5bc3bf2158aa222cdc7fdb440e276403080dc9bef578cc986f50f46f9cbfa5724dd9cde30e6a66e2cf900e52b7166e220d55863ed85504c58252f71792ff9470742d7a128797b53fd6592c9fa6eaa7923d67e75bdd580642334fe4689db2f1882a6b4d953d9a8c6c233e531fd86c9a95d28bdf6139ade218afee4219d146e82f6de05d08ef594b3b304e29c98f6ce883ee23f973d389e4601430745d1348f81b7ec56db0f23466b1ed0c550613d44193b20ca4dece54ceb44df8968fff0a6c88de7cce604bd570e17f6d242d135fb9dcaf487d9a082d6c22f5edd15307dfaaa426399dde4fe583644c27f589f3dee225a29cb6f724d8d2d5a30ae0e800d8503d39c476c7c0cdc568101d9ed1c0b88b8a0f1347ce6fffbd7767a121127e02a598877ab83bd82cfd174024b6d4a3b1586262143efb260a1d7dc8affa6e5ee19cc1b47c55fe81cb93d36f93b6517de9ee49bc0233159bf02a3a7293fe08f1241d560c2863548d4a7779a20e3c734bc8de2ff529e99ee44ad570b83d83b5ba496d1222ab2c0f21e33a25ce60abfc53b0abf37eb35b6428f81bc3bd1e6c5307ba9f89fda2766f5cc4065dfdc31c08a8f9b247a158a7386310f54a1f9968fe8d09fed99bf2fbe6c60d5c65e663cadc2b7bf1fbc6f004eb31a5223e87a5ccc88d150af9951b20ea9c1b599b55a8382c4e341c9fda0d1cf63234fc6d69cc7a1abb69789e6df2271ea38900110cc62228ec60e6e8636376cf31a18c110d384ec78ad39fb30c4fbf4608ef689c98a38bf06549da5aad4af68f15746f7857ae00d8381d82289b3824d30af2c7e80756636e57d3a7c669b62ea9871c3550857622e2fc6af8490c7c248bc0be1d07ba4dd80c2f56282664d6e658cd5ae3e6ca977ed833f03b2b08c20cf8084b2ca401c6903acc296c7a67a9ea046525a9bd78c6773efbe8201f21f8c5e3fbde37f11ceabe133eaf4dddf1e4fe53c7630639ace22bbaba9982dcb2eeede4d2f07c188872b8416b289fd1647b533594a8250b54297d9b2214aa5fdc23f8f4457de0538db16e5b357699f81d8f8ef374817c6dcbca054b74474f9a6448be0e2a99e5e97abfd28eeffcfd2baa12d0f573723e4d09a355213258e8c56431c3c2a5a2820c7f3265612643af4ffc8ae9c77474115d896af792cf0fee00944b29467498d8bba04c38f4b61b4325c4513048abddc76af2e83f6446a810e08be07dee774d84456e2447e29a88f5075d544a938b7e3684a9db5f560ed5eeafa11c11bf85ca71240a806c22898b539e4047be330226c9f453fc35ee1c68eb21f7bda86bcff8f919502f17f527e931dd22540e61d42619aa841af2b0385c05590654388c9e3edda948e956768399c877059c8dd22ea86035560b28738ad83ac27d908b7519cecef46b0025d14cce082812378821ec60419e72f9047616d4ff969b93feebb77ade7931e8d2ad45278ef0f30b80221f1fe30582e2bd6097eed6991da6f89603cfd824b1d37f809c2454aeb5691df567c8e009b14bfbf377313d456b1c7586e3ce106706c29646c7ecafc90eb0415c7a700542871a67f35d2fb9b017ec70d4d1aceed43015102bc42c90734302afae8f045f927dbcebd1b63a3b02571d9b5382f31ace2834cbc59fe8309cfa98ab2633f443c9d20b58a43f0cb3efd7641ac825c90ed04bb76a8dc1c32f55d72666308805497e8f7211145f20333d5946e0cf1ff12ed4f85d2722066083692fedac06e68125a740c6c28967bec5d13a1294961e5b4d61fce646f49df753a26b6895f09bc38c47bbe33e20b96cee2921d81b840024525e89300c422563b2f07b99e7c64fbeb48b5c5ca28d46c70340dee0f053129b386c773a23298836bf3b1471dc8c3f29db2d4e2e6fa295468330d2ae5d6373481b6ebb20a7306910295ad4fa10e9075f3cdc310c0e0a8d16861311ccbf6cf560597f015aa857f05b5a64c2e7e2e44710faf77885364384adf1f4a406c455511210dfc4e31e1214658a388c41e40fc89451a43820c79bd48ee8c4e723de20bf0cafe3150bff0fc08231784108acc6a5ec3401b88a1bb035d2a3bb355514de7e0c4ab8a2d755ac9c54289092a4da6b4d5576d7b058b335f8f510248641ac32d058a53028ace84c14bb5d0518f84597bce750a05e31d4625d88184a5f14d364e994dcdc76d2d8660aeb4a117e2f3aefaa19ced7797ce0449f2bbdb844b32585052c67fc74b2d325260f3f09dd6cb31ffb73d18e77a0aeae01c3f83ccca0e6f55b0d1d462d74ffbb719d6f96685acf49c4b5e78e67bf97bd0569a7c4edd3e6c763e6d96dc504b953311c06791f92eede8cd965db62bfba4045c6f4780bba7ee5b32035abcbf706d367d85ca75ec2fc2c1e311cc22ac0d6954352abf55501c7c8ded9fc5766cf668e878457f775297f5990c54e37fe7dfe5d3e79334865b1dc7e7294c16416c8b6e0ddc545e6bde504a4e2dd9fc8748ea80be6d8577fad2df75d5f68249f0c7c1d531d28920abc3268e0261321783b81512858c8aa356a32c16b61cbb79b58c8be96268dddf071c5445b6a33126b4f88e738863e29a3585eff59e1d8edc634a09ee7a52295eda6f1ba0c072ad4a8c3373b3ae4ece0791c7102d17a48d5cd74be944ba5546564a4619081b8e754d82a6c95b92860c7906e83decf6d161371be7402bc21b759225ed5993585187135c96791001b355de55a10e5017ac545dd1686e84376040109e9e747bd0e8e4d83da3b9a9b19ea092e55bc256f753a9fd7e2d1f040a66dac7ff065eacf281ab52e6374d9f4a40e9768c3349674baea455092a6d4eeb899def6304795248e6d8c39ea4d0c3b8dcfbaeaed823a55b6f2bc64ab93a1bd717011e3c1923dbff1b10c5dbfd317f2e106ed7a2d9b5228ecd6f637833b9111ab8a40eb3d17f9675895cc6f267378f468c949124585a3c368b4ebb542a435838daecfbb4732ca4daf58b09d1ee7d596ddb6461c2f52238a65ac5bfc55ac8350f542f1f8716209beb8cae933ff4921f2d4be9fc47878c67a1694c4cbab02d2a0a4727145c0a87288e93ced8ded9fb9a1e8de709ed6845a9e61ed15e6e79d8db8105a3f3a510d2fe1744b54bd7dc534e9076e41cda9d0dca2ca2cd57af7d9f70c39898071882405e9245dc80797798ff5a94e329a52d62d4eb501877a321dc80b10ab88b7fab213234d1fc6a70f4de619b5ad11e9b1ae2d4944c3185831f0207314e97619aceaae5987d3b4e7248228e40f1c6666e5895b1b98ee08722c25629f7638fd63a4adf5e3ed3a0df4b58298cf8bded2a69d19956cfb19fae338dc5456baaeb007f74a2a86a1087d6044ebb01b5be42e7ce83f8f2ab5d4f7bc193c3af3bf6fc1024e97324a9d8625967ea7d5dc19a0775b2b32ce6b896f6541fbbee04780b2ae108abdd430ad29001353923a59decd16c9a4bf025361d602212d8b865fc47ecc1690909061c93695d81d23d772a4f0d35cac53deaa2a4a19c97b1210da3e6dd3e52f3a5295891f05ffe78c93206c0019eff566f473ff38ce867c9a36b0ad0370906fec0bb266273650e2c41ee3416d90e2c7e0b48ee893fcdd2df7915d1eb6b7fbd0f86b3bd89147f293cb8c3a5e1d17cbd5d259249327aa97b914c2cf52bc9c56cbcf5883354e1c6ce7061a06ae0ea1c1983a21afce328aa09b8970516969d403ed323e24d98752e5304417e12574989e89329fe1795e6c28f3e5a8218c6cc7f00f25ff81dbc131b790312e1cf9adeaef9ea1bf1e2094bea8d20fb980665a8bb472249a260156df8bb574b24911c9c5f4962e803de599de43b88816c808ad895efc6f0cb2ab12742109032264160a9afb69b41bf50e2433ea85a174cdb496e845beb6119774147d18129d05e599de324b5ef5b5682a4debb102b92d3793dd46da9867efddb0edc5bb26363c1f8f1ea24715c98b6da07b0d1eee707d2e3e80a8e2f0f6c129da3c507aa262e198cc5f8460cbad9a3668ae0c3fcc8bd7c5c3de8fa0f0dbbc7e815b2f4111480a6c1d", 0x1000, 0xfffffffffffffff9)
r4 = request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)='/dev/input/event#\x00', 0x0)
keyctl$instantiate_iov(0x14, r3, &(0x7f00000001c0)=[{&(0x7f0000000140)="8aaf112ab236c59c74ab5d6fce94d99aed82a325ff7a5285b21a7c82e8f2e083d550b82ccb9b8e4588388c26b42e4590ab1ccab83ef3d3ac796b40976fe4345dddf2d1a555f7108e9c9385ad592e", 0x4e}], 0x1, r4)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x40001, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)

04:16:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0003000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:47 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x80808000, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0xfffffffffffffffe, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x3, 0x240)
r4 = dup3(r2, r0, 0x80000)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000140)={0x4, r4})
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000180)={0x0, 0x8})

04:16:48 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3092.116764] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
04:16:48 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xffffff8d]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3092.191027] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
04:16:48 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0xfffffffffffffffe)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000040)={<r2=>0x0, 0x74, &(0x7f0000000100)=[@in6={0xa, 0x4e20, 0x4, @mcast1, 0x5ab1}, @in6={0xa, 0x4e21, 0x5, @empty, 0x7}, @in={0x2, 0x4e24}, @in={0x2, 0x4e21, @rand_addr=0x85}, @in6={0xa, 0x4e24, 0x1, @empty, 0x400}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYBLOB="a0000000667172df3f160a781cf7b9187800ec2fb4d526b45ca241cc7035c7022ab6309fa995a024222ce2eaac7185b03785f7983121f7a88ff4e41483f9a98459df9d8710ab531b90259b55d771088732c8cfc5f507169ffe0412c1701c722df00a3b22ede073f212206bc02da594da9cf48bbfd5c5d1f2f790b7e25583ac35c3eb84e0b9fb7dcc392d9d228961e92a7d974f0140478a961aaca8e144589cdfcba60528"], &(0x7f0000000280)=0xa8)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

[ 3092.232350] *** Guest State ***
[ 3092.241250] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3092.253575] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3092.262685] CR3 = 0x0000000000000000
[ 3092.266744] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3092.273713] RFLAGS=0x00000002         DR7 = 0x0000000000000400
04:16:48 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0010000300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3092.294010] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3092.301325] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.315583] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.331240] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.339830] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.348139] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.356374] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.373731] GDTR:                           limit=0x00000000, base=0x0000000000000000
04:16:48 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
accept4$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0}, &(0x7f0000000140)=0x14, 0x80000)
connect$packet(r0, &(0x7f0000000180)={0x11, 0xf5, r1, 0x1, 0x31, 0x6, @local}, 0x14)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r3, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f00000001c0)={{0x1, 0x2, 0x6, 0x3, 0x145}, 0x0, 0x40})
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

04:16:48 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80800)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000c40)={0x0, 0x0, <r1=>0x0}, &(0x7f0000000c80)=0xc)
stat(&(0x7f0000000cc0)='./file0\x00', &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getgroups(0x4, &(0x7f0000000d80)=[<r3=>0xffffffffffffffff, <r4=>0xee00, 0xee00, 0xffffffffffffffff])
r5 = getgid()
r6 = getgid()
r7 = getegid()
fstat(r0, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
getgroups(0x6, &(0x7f0000000fc0)=[r5, r2, r7, r4, r8, r3])
r9 = getgid()
getresgid(&(0x7f0000000e80), &(0x7f0000000ec0)=<r10=>0x0, &(0x7f0000000f00))
getgroups(0xa, &(0x7f0000000f40)=[r1, r2, r4, r5, r6, r7, r8, 0x0, r9, r10])
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000680)={{{@in6=@mcast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}}, {{}, 0x0, @in=@dev}}, &(0x7f0000000300)=0xe8)
r12 = openat$ppp(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/ppp\x00', 0x80, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000b40)={<r13=>0x0, @in={{0x2, 0x4e20, @rand_addr=0x7ff}}, 0x7fff, 0x304e}, &(0x7f0000000600)=0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r12, 0x84, 0x73, &(0x7f0000000a40)={r13, 0x5, 0x30, 0x1, 0x8}, &(0x7f0000000c00)=0x18)
r14 = getgid()
fchown(r0, r11, r14)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r15 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r16 = syz_open_dev$vcsa(&(0x7f0000000280)='/dev/vcsa#\x00', 0x7, 0x8000)
getsockopt$EBT_SO_GET_ENTRIES(r16, 0x0, 0x81, &(0x7f0000000940)={'filter\x00', 0x0, 0x4, 0xab, [], 0x7, &(0x7f0000000800)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000880)=""/171}, &(0x7f00000009c0)=0x78)
setsockopt$sock_void(r12, 0x1, 0x40000000003, 0x0, 0x0)
r17 = perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0x2, 0x2, 0x1000, 0xb6f, 0x0, 0x9, 0x0, 0x1, 0x0, 0x9, 0x9, 0x4, 0x400, 0x242, 0x5, 0x7ff, 0x7ff, 0x0, 0x9, 0x5, 0x1ff, 0x0, 0x20, 0x6, 0xfffffffffffffff8, 0xe8, 0x73, 0x7, 0x7, 0xa2, 0x100000001, 0x8b4a, 0x8, 0x80, 0x9, 0x800, 0x0, 0xb21, 0x1, @perf_bp={&(0x7f0000000040), 0x6}, 0x4000, 0x80000001, 0x3, 0x3, 0x8000, 0x2, 0xf9a}, 0x0, 0x1, r15, 0x2)
r18 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x1, &(0x7f00000002c0)=ANY=[@ANYPTR=&(0x7f0000000540)=ANY=[@ANYPTR=&(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYRES16=r15, @ANYRES64, @ANYPTR, @ANYRES16=r17, @ANYPTR64, @ANYRESDEC=r16, @ANYRESDEC=r16], @ANYPTR64=&(0x7f0000000340)=ANY=[@ANYRESDEC=r15, @ANYPTR64, @ANYRES32=r0, @ANYBLOB="53b6791704e30b45aed0babb4a81566f1dc1feb2f7e3b0965ad9242ac4088820d2c6a6941d4b6615b25f143caa2db1143a11aa6bee2bc35d893d8d90182e5e297b1e41684a97b690a5af4321162f3f5bee845ec8bbeecf060f558d6d31dd59c0113b87629e713a24370c5f2ca24441", @ANYPTR, @ANYRESHEX=r0, @ANYBLOB="edccee9b52b521c4e8a5f4ee05a36f509e72944e1a09aad3792e4a0fe5aca04715218263dff81cfcaba2b5ea3d6d59d57cba9933c585ff955b4f01a8d7c21a790958e9ce2b67f9e29b760d9eaa25791e97433e67ec8c649175bfbcdedba24ac3ac3bf405fa5349c249fd0f2d2cfaa10f55e1db4ed5545762576c4745668d5973e07e46daaf8807ec48bdf2dbbd2bf16d51f84f0eaa9f86cf66bdc726223d39aa2da16bf43420a1303cd455956bff3a4ca0a1403a2bb514a08a645f7c93553709be03e581aeec4c62c133a8e98dfbe229497f", @ANYRES16=r15, @ANYBLOB="9385c93f5d6de01f0b558f22"], @ANYRES16=r17, @ANYBLOB="9dfc13d98a4da7a2ef85226d2a85523482ff887bf54f611e30c2b2f3708c40921fcf1d4b11c12ecd17d056f80c987f", @ANYRESHEX, @ANYPTR=&(0x7f0000001000)=ANY=[@ANYRES16, @ANYBLOB="1384c4a58e1027bbc16f732b46fec737804c45c32a54deebdce719951edf5f3e5daaf0180a1c23db365c335e411f186cb3784872fa56e18309ddecc8ec52c4e212ef22e61f7132ed7fd51d0a3589e47a470c717224225417c89ae28f10c0843354976ef3531a0000000000000000000000e7ddddbeff596d49a18f751f885b55a85d86c66e1e67c3c6b0aad421af0ba1c6dd69f5e78c989b5b618a8d9f184f6c7eedc0549356072609dae40ca0316469070e8e15a863b36e580f0093a0152540b6c509d523e6300ee2d260f5bda5bc6447941c5af2d6dc1ed53868ed026a7de0c2fc8b1026c38bcb20d75be48bcdf58f68f81483ba40a29b64229f14367511ac88475528d5df1a16a53e633ac2a7938593c9bf863fe59eee16fcca9845c3ad7a1d5b", @ANYRESOCT=r17], @ANYRESHEX=r17, @ANYRES64=r16]], &(0x7f0000000080)='GPL\x00', 0xffffffffffffffe2, 0x0, 0x0, 0x41000, 0x1, [], 0x0, 0xa}, 0x48)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r16, 0x84, 0x76, &(0x7f0000000ac0)={<r19=>0x0, 0x1}, &(0x7f0000000b00)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r16, 0x84, 0x6d, &(0x7f0000000a80)={<r20=>r19, 0x26, "7810627aff85a6d3ba802afb47a51ba56fb489a42ea12b989d45612418dd55b92b5409adaa39"}, &(0x7f0000000a00)=0xfffffffffffffffb)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r18, 0x84, 0x73, &(0x7f0000000780)={r20, 0x6, 0x30, 0x49, 0xffffffffffffffff}, &(0x7f00000007c0)=0x18)
ioctl$PERF_EVENT_IOC_SET_BPF(r17, 0x40042408, r18)

[ 3092.399013] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.434490] IDTR:                           limit=0x00000000, base=0x0000000000000000
04:16:48 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8864000000000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3092.460565] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3092.471139] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3092.478628] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3092.486516] Interruptibility = 00000000  ActivityState = 00000000
[ 3092.498292] *** Host State ***
[ 3092.501588] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010a5af390
[ 3092.508216] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3092.514665] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
[ 3092.522814] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3092.528972] FAULT_FLAG_ALLOW_RETRY missing 30
[ 3092.533486] CPU: 1 PID: 12955 Comm: syz-executor5 Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3092.541956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3092.551298] Call Trace:
[ 3092.553897]  dump_stack+0x244/0x3ab
[ 3092.557531]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3092.562742]  handle_userfault.cold.32+0x47/0x62
[ 3092.567426]  ? userfaultfd_ioctl+0x54a0/0x54a0
[ 3092.572019]  ? rb_erase_cached+0xc78/0x3720
[ 3092.576341]  ? leave_mm+0x40/0x40
[ 3092.579797]  ? userfaultfd_ctx_put+0x830/0x830
[ 3092.584381]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3092.589747]  ? __update_load_avg_se+0xae0/0xae0
[ 3092.594418]  ? mark_held_locks+0x130/0x130
[ 3092.598660]  ? find_lock_entry+0x2de/0x8e0
[ 3092.602897]  ? find_get_entry+0x1120/0x1120
[ 3092.607224]  ? update_load_avg+0x387/0x2470
[ 3092.611547]  ? mark_held_locks+0x130/0x130
[ 3092.615791]  ? mark_held_locks+0x130/0x130
[ 3092.620033]  ? lock_downgrade+0x900/0x900
[ 3092.624188]  ? mark_held_locks+0x130/0x130
[ 3092.628423]  ? kasan_check_read+0x11/0x20
[ 3092.632580]  shmem_getpage_gfp+0x3723/0x4840
[ 3092.637006]  ? shmem_add_to_page_cache+0x1950/0x1950
[ 3092.642112]  ? __update_load_avg_se+0xae0/0xae0
[ 3092.646787]  ? update_load_avg+0x387/0x2470
[ 3092.651111]  ? attach_entity_load_avg+0x860/0x860
[ 3092.655951]  ? mark_held_locks+0x130/0x130
[ 3092.660193]  ? update_load_avg+0x387/0x2470
[ 3092.664516]  ? mark_held_locks+0x130/0x130
[ 3092.668752]  ? attach_entity_load_avg+0x860/0x860
[ 3092.673599]  ? __mutex_lock+0x85e/0x16f0
[ 3092.677659]  ? freezer_fork+0x1cc/0x600
[ 3092.681637]  ? mark_held_locks+0x130/0x130
[ 3092.685875]  ? mutex_trylock+0x2b0/0x2b0
[ 3092.689937]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 3092.695474]  ? delete_node+0x307/0xdc0
[ 3092.699371]  ? __update_load_avg_blocked_se+0x690/0x690
[ 3092.704747]  ? __update_load_avg_se+0xae0/0xae0
[ 3092.709418]  ? cpuacct_charge+0x265/0x440
[ 3092.713564]  ? lock_downgrade+0x900/0x900
[ 3092.717729]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3092.723267]  ? xas_start+0x23d/0x740
[ 3092.726985]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3092.732523]  ? xas_descend+0x201/0x510
[ 3092.736412]  ? xa_destroy+0x4d0/0x4d0
[ 3092.740214]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3092.745141]  ? task_numa_work+0xea0/0xea0
[ 3092.749293]  ? check_preemption_disabled+0x48/0x200
[ 3092.754306]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3092.759844]  ? active_load_balance_cpu_stop+0x12e0/0x12e0
[ 3092.765378]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3092.770918]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3092.776452]  ? xas_load+0x43/0x1e0
[ 3092.780019]  ? filemap_map_pages+0xd11/0x19b0
[ 3092.784514]  ? lock_downgrade+0x900/0x900
[ 3092.788668]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3092.793594]  ? print_unlock_imbalance_bug+0x50/0x70
[ 3092.798613]  ? set_next_entity+0xdc/0xc60
[ 3092.802761]  ? reweight_entity+0x10f0/0x10f0
[ 3092.807172]  ? update_load_avg+0x2470/0x2470
[ 3092.811586]  ? filemap_map_pages+0xd38/0x19b0
[ 3092.816087]  ? find_get_entries_tag+0x1400/0x1400
[ 3092.820937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3092.826488]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3092.832028]  ? __perf_event_task_sched_in+0x2a9/0xb60
[ 3092.837217]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 3092.842412]  ? perf_sched_cb_inc+0x350/0x350
[ 3092.846827]  shmem_fault+0x25f/0x960
[ 3092.850549]  ? shmem_read_mapping_page_gfp+0x1f0/0x1f0
[ 3092.855827]  ? trace_hardirqs_on+0xbd/0x310
[ 3092.860143]  ? kasan_check_read+0x11/0x20
[ 3092.864291]  ? finish_task_switch+0x1f5/0x900
[ 3092.868787]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3092.873892]  ? compat_start_thread+0x80/0x80
[ 3092.878297]  ? dequeue_entity+0x17f0/0x17f0
[ 3092.882619]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3092.888164]  __do_fault+0x100/0x6b0
[ 3092.891794]  ? _raw_spin_unlock_irq+0x60/0x80
[ 3092.896290]  ? finish_task_switch+0x1f5/0x900
[ 3092.900789]  ? pmd_devmap_trans_unstable+0x220/0x220
[ 3092.905898]  ? mark_held_locks+0x130/0x130
[ 3092.910133]  ? mark_held_locks+0x130/0x130
[ 3092.914366]  ? __switch_to_asm+0x34/0x70
[ 3092.918420]  ? __switch_to_asm+0x40/0x70
[ 3092.922474]  ? __switch_to_asm+0x34/0x70
[ 3092.926533]  ? __switch_to_asm+0x34/0x70
[ 3092.930591]  ? __switch_to_asm+0x40/0x70
[ 3092.934649]  ? __switch_to_asm+0x34/0x70
[ 3092.938714]  ? __switch_to_asm+0x40/0x70
[ 3092.942771]  ? __switch_to_asm+0x34/0x70
[ 3092.946829]  ? __switch_to_asm+0x40/0x70
[ 3092.950891]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3092.956433]  __handle_mm_fault+0x3d40/0x5a40
[ 3092.960849]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 3092.965696]  ? plist_check_head+0xea/0x150
[ 3092.969938]  ? plist_check_list+0xa0/0xa0
[ 3092.974085]  ? ring_buffer_record_is_on+0xe1/0x130
[ 3092.979013]  ? ring_buffer_nest_end+0xd0/0xd0
[ 3092.983521]  ? plist_check_head+0x150/0x150
[ 3092.987848]  ? schedule+0x108/0x460
[ 3092.991485]  ? handle_mm_fault+0x42a/0xc70
[ 3092.995732]  ? lock_downgrade+0x900/0x900
[ 3092.999881]  ? __do_page_fault+0xa0e/0xd10
[ 3093.004128]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3093.009060]  ? unregister_trace_event+0x3c0/0x470
[ 3093.013903]  ? lock_release+0xa10/0xa10
[ 3093.017880]  ? __do_page_fault+0x567/0xd10
[ 3093.022118]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3093.027225]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3093.032766]  ? check_preemption_disabled+0x48/0x200
[ 3093.037810]  handle_mm_fault+0x54f/0xc70
[ 3093.041880]  ? __handle_mm_fault+0x5a40/0x5a40
[ 3093.046468]  ? find_vma+0x34/0x190
[ 3093.050024]  __do_page_fault+0x567/0xd10
[ 3093.054092]  do_page_fault+0xed/0x7d1
[ 3093.057896]  ? vmalloc_sync_all+0x30/0x30
[ 3093.062048]  ? error_entry+0x76/0xd0
[ 3093.065770]  ? trace_hardirqs_off_caller+0xbb/0x300
[ 3093.070791]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3093.075640]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3093.080668]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3093.085519]  page_fault+0x1e/0x30
[ 3093.088976] RIP: 0010:__get_user_4+0x21/0x30
[ 3093.093902] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65
[ 3093.112807] RSP: 0018:ffff8801a5cd7830 EFLAGS: 00010206
[ 3093.118179] RAX: 0000000020013003 RBX: 0000000000000040 RCX: ffffc900044f2000
[ 3093.125465] RDX: ffffffffffffffff RSI: ffffffff81b1ba43 RDI: 0000000000000282
[ 3093.132738] RBP: ffff8801a5cd7b98 R08: 1ffff10034b9aee3 R09: 0000000000000000
[ 3093.140006] R10: 0000000000000000 R11: ffff8801cc5ee2ef R12: 1ffff10034b9af0e
[ 3093.147277] R13: ffff8801cb6e0100 R14: 000000008040450a R15: 0000000000000000
[ 3093.154568]  ? __might_fault+0x1a3/0x1e0
[ 3093.158638]  ? evdev_do_ioctl+0x159d/0x2180
[ 3093.162963]  ? str_to_user+0x90/0x90
[ 3093.166677]  ? do_futex+0x249/0x26d0
[ 3093.170398]  ? kasan_check_read+0x11/0x20
[ 3093.174547]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 3093.179823]  ? rcu_softirq_qs+0x20/0x20
[ 3093.183794]  ? unwind_dump+0x190/0x190
[ 3093.187689]  ? exit_robust_list+0x280/0x280
[ 3093.192023]  ? __fget+0x4aa/0x740
[ 3093.195476]  ? lock_downgrade+0x900/0x900
[ 3093.199633]  ? rcu_read_unlock_special+0x1c0/0x1c0
[ 3093.204568]  ? save_stack+0x43/0xd0
[ 3093.208194]  ? __kasan_slab_free+0x102/0x150
[ 3093.212605]  ? __fget+0x4d1/0x740
[ 3093.216066]  ? ksys_dup3+0x680/0x680
[ 3093.219853]  evdev_ioctl_handler+0x144/0x1a0
[ 3093.224268]  evdev_ioctl+0x27/0x30
[ 3093.227811]  ? evdev_ioctl_compat+0x30/0x30
[ 3093.232221]  do_vfs_ioctl+0x1de/0x1720
[ 3093.236116]  ? ioctl_preallocate+0x300/0x300
[ 3093.240524]  ? __fget_light+0x2e9/0x430
[ 3093.244504]  ? fget_raw+0x20/0x20
[ 3093.247958]  ? _copy_to_user+0xc8/0x110
[ 3093.251940]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3093.257485]  ? put_timespec64+0x10f/0x1b0
[ 3093.261648]  ? nsecs_to_jiffies+0x30/0x30
[ 3093.265833]  ? security_file_ioctl+0x94/0xc0
[ 3093.270244]  ksys_ioctl+0xa9/0xd0
[ 3093.273728]  __x64_sys_ioctl+0x73/0xb0
[ 3093.277617]  do_syscall_64+0x1b9/0x820
[ 3093.281504]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3093.286872]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3093.291798]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3093.296643]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3093.301659]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3093.306679]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3093.311722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3093.316573]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3093.321762] RIP: 0033:0x457519
[ 3093.324958] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 3093.343865] RSP: 002b:00007f234463fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3093.351573] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519
[ 3093.358843] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000006
[ 3093.366111] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 3093.373377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23446406d4
[ 3093.380642] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3093.392723] CR0=0000000080050033 CR3=0000000196c30000 CR4=00000000001426f0
[ 3093.400178] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3093.407172] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
04:16:49 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1802]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:49 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009030300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:49 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
sched_yield()
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3093.413597] *** Control State ***
[ 3093.426875] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3093.428045] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3093.433942] EntryControls=0000d1ff ExitControls=002fefff
[ 3093.447936] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3093.454944] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
04:16:49 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3093.462673] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3093.474447]         reason=80000021 qualification=0000000000000000
[ 3093.482528] IDTVectoring: info=00000000 errcode=00000000
[ 3093.488164] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3093.497013] TSC Offset = 0xfffff985aeb135b7
[ 3093.502449] EPT pointer = 0x00000001d24e401e
04:16:49 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a00090f0300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:49 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8035]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3093.594520] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3093.596955] *** Guest State ***
[ 3093.611314] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3093.630066] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3093.645382] CR3 = 0x0000000000002000
[ 3093.649343] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3093.657940] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3093.664475] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3093.671377] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3093.677429] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3093.683433] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3093.690617] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3093.698688] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3093.706790] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3093.714762] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3093.722776] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3093.730789] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:49 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009380100001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3093.738821] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3093.746878] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3093.754841] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3093.762878] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3093.770991] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3093.777449] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3093.785363] Interruptibility = 00000000  ActivityState = 00000000
[ 3093.791877] *** Host State ***
[ 3093.795082] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018b8a7390
[ 3093.801145] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3093.807699] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3093.815542] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3093.819465] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3093.821508] CR0=0000000080050033 CR3=00000001d7406000 CR4=00000000001426e0
[ 3093.821525] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3093.821542] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3093.849867] *** Control State ***
[ 3093.853347] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3093.860058] EntryControls=0000d1ff ExitControls=002fefff
[ 3093.865528] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3093.872595] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3093.879323] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3093.885902]         reason=80000021 qualification=0000000000000000
04:16:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3093.892249] IDTVectoring: info=00000000 errcode=00000000
[ 3093.897744] TSC Offset = 0xfffff984f219ba0f
[ 3093.902055] EPT pointer = 0x00000001a60b201e
[ 3093.921007] netlink: 16 bytes leftover after parsing attributes in process `syz-executor2'.
04:16:49 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xf0ffff]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:49 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:49 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009020300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:50 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3094.289594] *** Guest State ***
[ 3094.293057] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[ 3094.305987] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[ 3094.315389] CR3 = 0x0000000000000000
[ 3094.320215] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3094.326346] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3094.332569] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3094.339407] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.347532] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.364496] SS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.372653] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.380761] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:50 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x5)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:50 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009040300001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:50 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x1100]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:50 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x8401, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000100)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x4})
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f00000001c0)={r1, r1, 0xf70, 0x40, &(0x7f0000000140)="e15bbc29b133585f383c37db5196be37f7d5f339e34b053168b3ff5677dd905c5883435afa5dd8df44601beda2970ab71bb929b73fd926388cf8c85c42c62918b3d77a50629aa06301b3685f192f3f4c0de337deedaa819b", 0x9, 0x5, 0x5, 0x0, 0x7, 0xfff, 0x1, "ba3fd81eb576c40b6a86ab653d86f52420f88b8083f8276b477856bd169a7ef60ed7fa21ce62411631ffe08c47205284a71c24920fc2feda592ecfc6e8f8611feb5d78ec7f02a37724f487c4a1edcc8dba260cc1c89b326b0ab563d2132b3b2f4607c9847801a3c278d4928186919e55695c265c81"})
clone(0x1020100, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3094.388849] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.396960] GDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3094.413347] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.423425] IDTR:                           limit=0x00000000, base=0x0000000000000000
[ 3094.436048] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.451459] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[ 3094.458088] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3094.465661] Interruptibility = 00000000  ActivityState = 00000000
[ 3094.472115] *** Host State ***
[ 3094.475436] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801bf6df390
[ 3094.481572] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
04:16:50 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000200001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3094.489544] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3094.497453] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3094.503371] CR0=0000000080050033 CR3=0000000173807000 CR4=00000000001426e0
[ 3094.510584] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3094.517527] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3094.523589] *** Control State ***
[ 3094.527087] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3094.533766] EntryControls=0000d1ff ExitControls=002fefff
04:16:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3094.539330] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3094.546270] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3094.553019] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3094.559668]         reason=80000021 qualification=0000000000000000
[ 3094.566027] IDTVectoring: info=00000000 errcode=00000000
[ 3094.571531] TSC Offset = 0xfffff9848f41bd27
[ 3094.575853] EPT pointer = 0x00000001c6f9901e
[ 3094.630401] *** Guest State ***
[ 3094.633850] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3094.643229] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3094.652574] CR3 = 0x0000000000002000
[ 3094.656335] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3094.662909] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3094.669464] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3094.675493] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3094.683420] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3094.690155] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3094.698182] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3094.706161] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3094.714554] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3094.722595] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:50 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x600]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:50 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000138001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3094.731226] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3094.746952] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3094.754953] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3094.774003] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3094.782265] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3094.790593] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3094.797772] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3094.805235] Interruptibility = 00000000  ActivityState = 00000000
[ 3094.811514] *** Host State ***
[ 3094.814717] RIP = 0xffffffff811f9ed3  RSP = 0xffff88010f90f390
[ 3094.820895] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3094.827359] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3094.835165] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3094.841593] CR0=0000000080050033 CR3=0000000173807000 CR4=00000000001426e0
[ 3094.848671] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3094.855651] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3094.861797] *** Control State ***
[ 3094.865249] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3094.871995] EntryControls=0000d1ff ExitControls=002fefff
04:16:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3094.877637] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3094.884628] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3094.891389] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3094.898061]         reason=80000021 qualification=0000000000000000
[ 3094.904569] IDTVectoring: info=00000000 errcode=00000000
[ 3094.910099] TSC Offset = 0xfffff9845fe73dbd
[ 3094.914426] EPT pointer = 0x00000001c90e001e
04:16:50 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000393711d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:50 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ef05aa2]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:50 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x110000e0}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:51 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x7]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:51 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a000900030f001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:51 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x4, 0x181000)
finit_module(r0, &(0x7f00000001c0)='\x00', 0x1)
mmap(&(0x7f0000c5f000/0x1000)=nil, 0x1000, 0x807, 0x31, 0xffffffffffffffff, 0x100000)
r1 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r2 = socket$inet6(0xa, 0x1000000000002, 0x6)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x600000, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000100)=0x2, 0x4)
setsockopt$bt_rfcomm_RFCOMM_LM(r3, 0x12, 0x3, &(0x7f0000000140)=0x74, 0x4)
r4 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r4, 0x8040450a, &(0x7f0000013000))

04:16:51 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x20000, 0x0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000080)=ANY=[@ANYBLOB="07000001020003000008c60d080000000000"], 0x12)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3095.387030] *** Guest State ***
[ 3095.394446] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3095.403350] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3095.403357] CR3 = 0x0000000000002000
[ 3095.403369] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3095.403381] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3095.403389] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:51 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300401d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3095.403400] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3095.403416] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3095.403430] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3095.403451] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3095.403470] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3095.403490] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:51 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x200000, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000080)={0x101, 0x12, 0x5b, 0x2000000000000, "61768ee513b45b80eb945d43b687ad2579f383d37ce74dce06b59fdd99ebf0e6"})
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3095.403510] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3095.403529] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3095.416221] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3095.504303] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3095.514249] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3095.529561] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:51 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f000061b000/0x1000)=nil, &(0x7f000029e000/0x2000)=nil, 0x1000, 0x1})
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3095.546312] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3095.553538] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3095.561957] Interruptibility = 00000000  ActivityState = 00000000
[ 3095.568730] *** Host State ***
[ 3095.572086] RIP = 0xffffffff811f9ed3  RSP = 0xffff88017be8f390
[ 3095.578467] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3095.585839] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000
04:16:51 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8000a0ffffffff]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:51 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a00090003f0001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3095.601724] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3095.608223] CR0=0000000080050033 CR3=00000001cb68b000 CR4=00000000001426f0
[ 3095.615530] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3095.624630] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3095.632178] *** Control State ***
[ 3095.636892] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3095.646002] EntryControls=0000d1ff ExitControls=002fefff
[ 3095.652171] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3095.659625] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3095.666757] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3095.673468]         reason=80000021 qualification=0000000000000000
[ 3095.680283] IDTVectoring: info=00000000 errcode=00000000
[ 3095.685947] TSC Offset = 0xfffff983fee7881e
[ 3095.690467] EPT pointer = 0x00000001854e501e
04:16:51 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:51 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:51 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000371931d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:51 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x200000000000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3096.006898] *** Guest State ***
[ 3096.010331] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3096.019816] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3096.028828] CR3 = 0x0000000000002000
[ 3096.032658] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3096.039308] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3096.048178] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3096.054236] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3096.060271] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3096.066987] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3096.074962] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.082976] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.090987] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.099006] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.107003] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.114971] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3096.123005] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3096.131132] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3096.139158] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3096.147557] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:52 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300031d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3096.153993] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3096.161490] Interruptibility = 00000000  ActivityState = 00000000
[ 3096.168092] *** Host State ***
[ 3096.171300] RIP = 0xffffffff811f9ed3  RSP = 0xffff88012401f390
[ 3096.177340] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3096.184100] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3096.191957] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3096.197908] CR0=0000000080050033 CR3=00000001c9584000 CR4=00000000001426e0
04:16:52 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3096.204985] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3096.211724] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3096.218377] *** Control State ***
[ 3096.221847] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3096.228585] EntryControls=0000d1ff ExitControls=002fefff
[ 3096.234056] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3096.241428] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3096.248171] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3096.248180]         reason=80000021 qualification=0000000000000000
[ 3096.248187] IDTVectoring: info=00000000 errcode=00000000
[ 3096.248194] TSC Offset = 0xfffff983ab0c526a
[ 3096.248203] EPT pointer = 0x00000001c210d01e
04:16:52 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000304001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:52 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x6, 0x82001)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000100)={<r3=>0x0, @in={{0x2, 0x4e21, @local}}}, &(0x7f0000000080)=0x84)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r3, 0xffffffffffffffa9, 0x6c, "e73898def470d40d2922bb09b371f041ac05428816130a848e3a328f3a354467d1f3baa69c47ae12948d75d12ec985c4993a29ac33147fe80871312766775e82fb2a9cfda21d8dd21161e433781e540954dff38d4019dd4474feb7123b702ea859fd317e1df5b741b8837431"}, 0x74)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:52 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:52 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8000a0]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3096.586850] *** Guest State ***
[ 3096.590292] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3096.599340] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3096.610609] CR3 = 0x0000000000002000
[ 3096.614570] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3096.621121] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3096.627662] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3096.633631] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3096.639694] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3096.646371] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3096.654371] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.662371] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.670378] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.678388] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.686355] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3096.694391] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3096.702447] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3096.710474] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3096.718917] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3096.726927] EFER =     0x0000000000000001  PAT = 0x0007040600070406
04:16:52 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:52 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300f01d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3096.733520] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3096.741023] Interruptibility = 00000000  ActivityState = 00000000
[ 3096.747348] *** Host State ***
[ 3096.750549] RIP = 0xffffffff811f9ed3  RSP = 0xffff88019c927390
[ 3096.756533] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3096.764127] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3096.772264] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3096.778658] CR0=0000000080050033 CR3=00000001cb0eb000 CR4=00000000001426f0
[ 3096.785930] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3096.792662] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3096.798756] *** Control State ***
[ 3096.802218] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3096.808932] EntryControls=0000d1ff ExitControls=002fefff
[ 3096.814382] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3096.821333] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3096.828023] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
04:16:52 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000001}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3096.834585]         reason=80000021 qualification=0000000000000000
[ 3096.840932] IDTVectoring: info=00000000 errcode=00000000
[ 3096.846385] TSC Offset = 0xfffff98359714eb2
[ 3096.850766] EPT pointer = 0x00000001bb54b01e
04:16:52 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x806000000000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3096.937735] *** Guest State ***
[ 3096.941306] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3096.950430] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3096.959610] CR3 = 0x0000000000002000
[ 3096.963574] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3096.972295] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3096.979196] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:52 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000303001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3096.985250] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3096.998550] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3097.011249] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3097.020005] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.028437] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.036995] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.045403] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.053747] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.061787] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3097.069812] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3097.077828] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3097.085816] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3097.094173] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3097.100658] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3097.108162] Interruptibility = 00000000  ActivityState = 00000000
[ 3097.114388] *** Host State ***
[ 3097.117638] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018a2ef390
[ 3097.123629] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3097.130122] FSBase=00007fcd69185700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3097.137945] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3097.143818] CR0=0000000080050033 CR3=000000010a5f4000 CR4=00000000001426f0
[ 3097.150871] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3097.157585] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3097.163641] *** Control State ***
[ 3097.167137] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3097.173811] EntryControls=0000d1ff ExitControls=002fefff
[ 3097.179315] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

[ 3097.186239] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3097.192952] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3097.199630]         reason=80000021 qualification=0000000000000000
[ 3097.205963] IDTVectoring: info=00000000 errcode=00000000
[ 3097.211840] TSC Offset = 0xfffff9832851742a
[ 3097.216167] EPT pointer = 0x00000001c30ce01e
04:16:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000302001d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:53 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x8060000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:53 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x200000, 0x0)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000100)={<r2=>0x0, 0x98, "3afb5d3e7ce2d47f8476932add8b9e67fb3c6d623ed26f3b415d2e3e256aa4176cbda502009b5adaea451c0f7f410c3ad313e03069d3ede0ac5b2badeaf45836e75006a90f6f3e622de105d71235fe5a5b373a44b55fcb3488ec5c97368aa28fe04dc86a43720c9679ae762145da73cc8b35a33c55722a10f69ad718b613b0fcc1308747890f3375015ab80c189775488b90a6b87011ac0f"}, &(0x7f0000000080)=0xa0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r2, 0x4, 0x5}, &(0x7f0000000200)=0xc)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:53 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000040))
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

04:16:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a00090003000f1d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3097.446969] *** Guest State ***
[ 3097.450324] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3097.459871] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3097.480018] CR3 = 0x0000000000002000
[ 3097.484093] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3097.491576] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3097.499143] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3097.506189] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3097.514560] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3097.521383] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3097.529568] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.538252] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.546265] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.554746] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.562971] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.571164] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3097.579354] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
04:16:53 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:53 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xd000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a00090003003f1d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3097.604158] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3097.618100] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3097.626628] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3097.634014] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3097.641832] Interruptibility = 00000000  ActivityState = 00000000
[ 3097.648798] *** Host State ***
[ 3097.652120] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801218df390
[ 3097.658149] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3097.664574] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3097.672555] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3097.679172] CR0=0000000080050033 CR3=00000001ce8a1000 CR4=00000000001426e0
[ 3097.686185] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3097.692919] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3097.699000] *** Control State ***
[ 3097.702458] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3097.709174] EntryControls=0000d1ff ExitControls=002fefff
[ 3097.714636] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3097.721602] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3097.728767] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3097.735359]         reason=80000021 qualification=0000000000000000
[ 3097.741744] IDTVectoring: info=00000000 errcode=00000000
[ 3097.747222] TSC Offset = 0xfffff982e40486d2
04:16:53 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000008}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300031d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3097.751539] EPT pointer = 0x000000016a85c01e
04:16:53 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xffffca88]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3097.847886] *** Guest State ***
[ 3097.851283] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3097.863647] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3097.872570] CR3 = 0x0000000000002000
[ 3097.876753] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3097.883256] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3097.891337] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a00090003000f1d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3097.905004] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3097.913377] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3097.926774] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3097.934760] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.945441] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.954445] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.962913] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.971124] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3097.979652] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3097.988262] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3097.996328] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3098.004448] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3098.012564] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3098.019111] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3098.026550] Interruptibility = 00000000  ActivityState = 00000000
[ 3098.032818] *** Host State ***
[ 3098.036014] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018a2ef390
[ 3098.042029] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3098.048657] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3098.056441] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3098.062363] CR0=0000000080050033 CR3=00000001ce8a1000 CR4=00000000001426e0
[ 3098.069533] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3098.076508] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3098.082610] *** Control State ***
[ 3098.086073] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3098.092764] EntryControls=0000d1ff ExitControls=002fefff
[ 3098.098376] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
04:16:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300021d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3098.105289] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 3098.111970] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3098.118799]         reason=80000021 qualification=0000000000000000
[ 3098.125115] IDTVectoring: info=00000000 errcode=00000000
[ 3098.130589] TSC Offset = 0xfffff982acb72f15
[ 3098.134916] EPT pointer = 0x0000000184ce801e
04:16:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:54 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x608]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
r2 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x3ff, 0x841)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r2, 0xc008551b, &(0x7f0000000140)={0x5d, 0x20, [0x8, 0x20, 0x80000001, 0x8b, 0x0, 0x8, 0x40, 0x10001]})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040))
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))

04:16:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300041d85680c1ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3098.408670] *** Guest State ***
[ 3098.413680] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3098.422856] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3098.432146] CR3 = 0x0000000000002000
[ 3098.436089] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3098.447018] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
04:16:54 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:54 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x400000000080001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
dup3(r0, r0, 0x80000)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
socket$vsock_dgram(0x28, 0x2, 0x0)
ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000080))
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
r2 = semget$private(0x0, 0x3, 0x100)
semctl$IPC_STAT(r2, 0x0, 0x2, &(0x7f0000000040)=""/60)

[ 3098.453724] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3098.465721] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3098.473854] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3098.481343] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3098.491377] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.500251] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
04:16:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d8568081ba3a20400ff7e", 0x24}], 0x1}, 0x0)

04:16:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x4000000000080000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f00003c7000/0x3000)=nil, 0x3000})
r2 = syz_open_dev$usb(&(0x7f0000000340)='/dev/bus/usb/00#/00#\x00', 0x3, 0x100)
ioctl$KDADDIO(r2, 0x4b34, 0x8000000000000009)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={<r3=>r1})
r4 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$clear(0x7, r4)
r5 = dup3(r0, r3, 0x80000)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r5, 0x2405, r1)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000100)=[@in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e21, 0x9, @dev={0xfe, 0x80, [], 0x20}, 0x8}, @in6={0xa, 0x4e20, 0xfff, @local, 0x2}, @in={0x2, 0x4e24}], 0x58)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={<r6=>0x0, 0xccf9}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000240)=@assoc_id=r6, &(0x7f0000000280)=0x4)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/attr/current\x00', 0x2, 0x0)
r7 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r7, 0x8040450a, &(0x7f0000013000))

[ 3098.516042] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.528761] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.543677] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.558024] GDTR:                           limit=0x000007ff, base=0x0000000000001000
04:16:54 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0xffffffffffffffff})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000040)={0x101, 0x3})
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

04:16:54 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x28]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3098.572987] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3098.612841] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3098.622527] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3098.631619] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3098.638447] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3098.645989] Interruptibility = 00000000  ActivityState = 00000000
[ 3098.652838] *** Host State ***
[ 3098.656089] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801891e7390
[ 3098.662486] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
04:16:54 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3098.669063] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3098.676999] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3098.683036] CR0=0000000080050033 CR3=00000001beb7e000 CR4=00000000001426e0
[ 3098.690226] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3098.697005] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3098.703074] *** Control State ***
[ 3098.706547] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3098.713252] EntryControls=0000d1ff ExitControls=002fefff
04:16:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d8568251ba3a20400ff7e", 0x24}], 0x1}, 0x0)

[ 3098.719486] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3098.727355] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 3098.734389] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3098.742908]         reason=80000021 qualification=0000000000000000
[ 3098.749345] IDTVectoring: info=00000000 errcode=00000000
[ 3098.756819] TSC Offset = 0xfffff9825e1a0994
[ 3098.761150] EPT pointer = 0x00000001d7fbb01e
04:16:54 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:54 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
getsockname$packet(0xffffffffffffff9c, &(0x7f0000000340)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
sendmsg$can_raw(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x1d, r2}, 0x10, &(0x7f0000000440)={&(0x7f0000000400)=@can={{0x3, 0x3, 0x3, 0x4}, 0x7, 0x3, 0x0, 0x0, "84e2935c58e2c6e1"}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x41)
flistxattr(r0, &(0x7f0000000200)=""/228, 0xe4)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f00000001c0))
ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080))
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000100)={0x3})
r3 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000013000))
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x40a200, 0x0)
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r4, 0x800454e1, &(0x7f0000000180)=r5)

04:16:54 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x2000000000000000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3098.852484] *** Guest State ***
[ 3098.855866] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3098.864944] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3098.873949] CR3 = 0x0000000000002000
[ 3098.877965] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3098.884556] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3098.891246] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
04:16:54 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20300ff7e", 0x24}], 0x1}, 0x0)

[ 3098.906445] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3098.913295] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3098.927371] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3098.935476] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.946980] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.956796] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.965160] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.973438] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3098.981668] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3098.989909] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3098.992895] __nla_parse: 4 callbacks suppressed
[ 3098.992906] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.000032] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3099.019372] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3099.027451] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3099.033866] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3099.041487] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.050439] Interruptibility = 00000000  ActivityState = 00000000
[ 3099.056733] *** Host State ***
[ 3099.059926] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801bc667390
[ 3099.065899] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3099.072531] FSBase=00007fcd691a6700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[ 3099.080403] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3099.086308] CR0=0000000080050033 CR3=0000000133b94000 CR4=00000000001426f0
[ 3099.094239] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3099.101126] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3099.107513] *** Control State ***
[ 3099.111003] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3099.117738] EntryControls=0000d1ff ExitControls=002fefff
[ 3099.123196] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3099.130460] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3099.137293] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3099.143953]         reason=80000021 qualification=0000000000000000
[ 3099.150513] IDTVectoring: info=00000000 errcode=00000000
[ 3099.155962] TSC Offset = 0xfffff9821dd2768f
[ 3099.160353] EPT pointer = 0x00000001be2c401e
04:16:55 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91ffffff]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

04:16:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20403ff7e", 0x24}], 0x1}, 0x0)

04:16:55 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:55 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x800e0000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3099.310659] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.332749] *** Guest State ***
[ 3099.336262] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3099.345628] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3099.354771] CR3 = 0x0000000000002000
[ 3099.360246] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3099.367191] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3099.369125] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.374930] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3099.388439] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3099.394449] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3099.394462] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3099.394490] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3099.394509] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3099.394526] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3099.433505] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3099.441636] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3099.450185] GDTR:                           limit=0x000007ff, base=0x0000000000001000
04:16:55 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a2040fff7e", 0x24}], 0x1}, 0x0)

[ 3099.458230] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3099.466201] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3099.474228] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3099.482216] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3099.488738] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3099.496195] Interruptibility = 00000000  ActivityState = 00000000
[ 3099.503006] *** Host State ***
[ 3099.506442] RIP = 0xffffffff811f9ed3  RSP = 0xffff88018987f390
[ 3099.506538] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.521086] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3099.528448] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3099.536556] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3099.542898] CR0=0000000080050033 CR3=00000001cc792000 CR4=00000000001426e0
[ 3099.549963] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
04:16:55 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x30]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3099.556696] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3099.562765] *** Control State ***
[ 3099.566211] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3099.572902] EntryControls=0000d1ff ExitControls=002fefff
[ 3099.578416] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3099.585342] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3099.592115] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3099.598744]         reason=80000021 qualification=0000000000000000
[ 3099.605058] IDTVectoring: info=00000000 errcode=00000000
[ 3099.618203] TSC Offset = 0xfffff981dc6ea959
[ 3099.622633] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3099.632966] EPT pointer = 0x00000001bf4af01e
04:16:57 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x2)
sysfs$3(0x3)

04:16:57 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20402ff7e", 0x24}], 0x1}, 0x0)

04:16:57 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:57 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xfffff000]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

04:16:57 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0xeb4c6384c847f7e1, 0x0)

04:16:57 executing program 0:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000200), 0xfffffffffffffeb4, 0x2000800e, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2, 0x7000028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000200)='hybla\x00', 0x22)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x389756b1353683f6, 0x120, 0x0, 0xffffffffffffffeb)

[ 3101.890561] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3101.914341] *** Guest State ***
[ 3101.918223] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
04:16:57 executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070")
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000))

[ 3101.939444] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3101.958805] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3101.983501] CR3 = 0x0000000000002000
04:16:57 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20404ff7e", 0x24}], 0x1}, 0x0)

[ 3101.990236] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3101.997230] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3102.003830] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3102.010683] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3102.017176] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3102.031448] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3102.039929] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.048017] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.056009] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.064126] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.072278] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.075397] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
[ 3102.080343] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3102.080364] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3102.080378] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3102.080393] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3102.080403] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3102.080414] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3102.080424] Interruptibility = 00000000  ActivityState = 00000000
[ 3102.080428] *** Host State ***
[ 3102.080440] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801cd5df390
[ 3102.080463] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3102.080475] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000
[ 3102.080493] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000
[ 3102.080509] CR0=0000000080050033 CR3=0000000134248000 CR4=00000000001426e0
[ 3102.080524] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87c01360
[ 3102.080535] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3102.080539] *** Control State ***
[ 3102.080549] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3102.080556] EntryControls=0000d1ff ExitControls=002fefff
[ 3102.080569] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3102.080578] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3102.080587] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3102.080595]         reason=80000021 qualification=0000000000000000
[ 3102.080602] IDTVectoring: info=00000000 errcode=00000000
[ 3102.080616] TSC Offset = 0xfffff980795f0edc
04:16:58 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0008000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:58 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0xd00]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3102.242255] EPT pointer = 0x0000000120a6b01e
[ 3102.260894] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
04:16:58 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x33fe0}], 0x1}, 0x0)

[ 3102.327086] *** Guest State ***
[ 3102.330654] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3102.339846] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3102.349065] CR3 = 0x0000000000002000
[ 3102.355323] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3102.362470] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3102.370811] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3102.377286] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3102.383851] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3102.391404] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3102.399649] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.408026] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.416338] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.424736] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.433042] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.441071] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3102.449350] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3102.457397] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3102.465591] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
04:16:58 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0x7ffff000}], 0x1}, 0x0)

[ 3102.473972] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3102.480432] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3102.487920] Interruptibility = 00000000  ActivityState = 00000000
[ 3102.494139] *** Host State ***
[ 3102.497390] RIP = 0xffffffff811f9ed3  RSP = 0xffff8801b05a7390
[ 3102.503367] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3102.509977] FSBase=00007fcd69185700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3102.517898] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
04:16:58 executing program 1:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r1 = socket(0x11, 0x4000000000080003, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xfff, 0x4)
bind$packet(r1, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r1, 0x107, 0x5, &(0x7f0000001000), 0xc5)
syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "b7e720", 0x8, 0x11, 0x0, @local={0xfe, 0x80, [0x11]}, @local, {[], @icmpv6=@echo_request}}}}}, &(0x7f0000000180))

[ 3102.525133] CR0=0000000080050033 CR3=0000000134248000 CR4=00000000001426e0
[ 3102.532271] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3102.539011] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3102.545097] *** Control State ***
[ 3102.549243] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3102.556022] EntryControls=0000d1ff ExitControls=002fefff
[ 3102.561879] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3102.569521] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
04:16:58 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:58 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0xf}], 0x1}, 0x0)

[ 3102.577166] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3102.583887]         reason=80000021 qualification=0000000000000000
[ 3102.595109] IDTVectoring: info=00000000 errcode=00000000
[ 3102.606813] TSC Offset = 0xfffff98043c01ab4
[ 3102.611547] EPT pointer = 0x0000000123c0001e
04:16:58 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000000c0)="64263e0f0132f20f0131ba4100b80400ef0f06dde566b9800000c00f326635004000000f30b800008ee0baf80c66b800212b8266efbafc0c66b8b58ec8fa66efba4300ed0f96d5", 0x47}], 0x1, 0x0, &(0x7f0000000080), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000040)="b9800000c00f3235001000000f30f24c0f2c49e8426dc4027d3493b80800003626660f7e676d660f1678b06cc403f9dfbeb70000000bc7442400f5000000c744240284d178bcff1c24f2f347dbe1", 0x4e}], 0x1, 0x0, &(0x7f00000000c0), 0x10000000000003e9)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000007c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10d000000000000}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100})

04:16:58 executing program 2:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000002000)="24000000100007031dfffd946fa2830020200a0009000300001d85680c1ba3a20400ff7e", 0xfffffdef}], 0x1}, 0x0)

04:16:58 executing program 4:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000ee3fe0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1})
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0)
r2 = socket(0x3, 0x6, 0x4)
getpeername$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000080)=0x14)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000013000))

[ 3102.738018] *** Guest State ***
[ 3102.741445] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[ 3102.750526] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[ 3102.759916] CR3 = 0x0000000000002000
[ 3102.763760] PDPTR0 = 0x0000000000000000  PDPTR1 = 0x0000000000000000
[ 3102.777931] PDPTR2 = 0x0000000000000000  PDPTR3 = 0x0000000000000000
[ 3102.808481] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[ 3102.814856] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[ 3102.822891] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[ 3102.831161] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[ 3102.839275] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.854764] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.866076] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.875140] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.883294] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[ 3102.891453] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[ 3102.903477] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[ 3102.912397] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[ 3102.920765] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[ 3102.928931] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[ 3102.935418] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[ 3102.942944] Interruptibility = 00000000  ActivityState = 00000000
[ 3102.949206] *** Host State ***
[ 3102.952386] RIP = 0xffffffff811f9ed3  RSP = 0xffff880123d97390
[ 3102.958427] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[ 3102.964835] FSBase=00007fcd691a6700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[ 3102.972699] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[ 3102.978633] CR0=0000000080050033 CR3=000000018ccfe000 CR4=00000000001426e0
[ 3102.985643] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c01360
[ 3102.992351] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[ 3102.998438] *** Control State ***
[ 3103.001887] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[ 3103.008594] EntryControls=0000d1ff ExitControls=002fefff
[ 3103.014055] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[ 3103.021014] VMEntry: intr_info=00000b0d errcode=00000000 ilen=00000000
[ 3103.027716] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 3103.034279]         reason=80000021 qualification=0000000000000000
[ 3103.040619] IDTVectoring: info=00000000 errcode=00000000
[ 3103.046065] TSC Offset = 0xfffff98009f196ab
[ 3103.050450] EPT pointer = 0x00000001bce1101e
[ 3249.926920] INFO: task syz-executor5:13420 blocked for more than 140 seconds.
[ 3249.934220]       Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3249.940293] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3249.948298] syz-executor5   D23552 13420  11973 0x00000004
[ 3249.953945] Call Trace:
[ 3249.956520]  __schedule+0x8cf/0x21d0
[ 3249.960265]  ? __sched_text_start+0x8/0x8
[ 3249.964428]  ? mark_held_locks+0x130/0x130
[ 3249.968907]  ? schedule+0x108/0x460
[ 3249.972560]  ? bpf_prog_kallsyms_find+0xde/0x4a0
[ 3249.977457]  schedule+0xfe/0x460
[ 3249.980827]  ? __mutex_lock+0xafa/0x16f0
[ 3249.984870]  ? __schedule+0x21d0/0x21d0
[ 3249.988872]  ? kasan_check_read+0x11/0x20
[ 3249.993022]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 3249.997505]  ? do_raw_spin_trylock+0x270/0x270
[ 3250.002093]  ? __ww_mutex_add_waiter.part.15+0x120/0x120
[ 3250.007570]  ? mutex_destroy+0x200/0x200
[ 3250.011633]  schedule_preempt_disabled+0x13/0x20
[ 3250.016370]  __mutex_lock+0xaff/0x16f0
[ 3250.020280]  ? evdev_release+0xfe/0x1e0
[ 3250.024257]  ? mutex_trylock+0x2b0/0x2b0
[ 3250.028343]  ? save_stack+0xa9/0xd0
[ 3250.031968]  ? kasan_slab_free+0xe/0x10
[ 3250.035923]  ? kfree+0xcf/0x230
[ 3250.039219]  ? kvfree+0x61/0x70
[ 3250.042496]  ? evdev_release+0xf3/0x1e0
[ 3250.046451]  ? __fput+0x3bc/0xa70
[ 3250.049924]  ? ____fput+0x15/0x20
[ 3250.053377]  ? task_work_run+0x1e8/0x2a0
[ 3250.057469]  ? exit_to_usermode_loop+0x318/0x380
[ 3250.062341]  ? do_syscall_64+0x6be/0x820
[ 3250.066386]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3250.072324]  ? trace_hardirqs_off+0xb8/0x310
[ 3250.076794]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 3250.081214]  ? trace_hardirqs_on+0x310/0x310
[ 3250.085606]  ? synchronize_rcu_expedited+0xa0/0xa0
[ 3250.090560]  ? lock_downgrade+0x900/0x900
[ 3250.094712]  ? kfree_call_rcu+0x10/0x10
[ 3250.098712]  ? trace_hardirqs_off+0xb8/0x310
[ 3250.103156]  ? trace_hardirqs_on+0x310/0x310
[ 3250.107705]  ? debug_check_no_obj_freed+0x305/0x58d
[ 3250.112798]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3250.118377]  ? check_preemption_disabled+0x48/0x200
[ 3250.123398]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.127791]  ? kvfree+0x61/0x70
[ 3250.131106]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3250.136193]  ? __kasan_slab_free+0x119/0x150
[ 3250.140622]  ? kvfree+0x61/0x70
[ 3250.143906]  mutex_lock_nested+0x16/0x20
[ 3250.147989]  ? mutex_lock_nested+0x16/0x20
[ 3250.152225]  evdev_release+0xfe/0x1e0
[ 3250.156007]  __fput+0x3bc/0xa70
[ 3250.159325]  ? evdev_detach_client+0x290/0x290
[ 3250.163903]  ? get_max_files+0x20/0x20
[ 3250.167819]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.172146]  ? kasan_check_read+0x11/0x20
[ 3250.176285]  ? task_work_run+0x1af/0x2a0
[ 3250.180382]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3250.185486]  ? filp_close+0x1cd/0x250
[ 3250.189321]  ____fput+0x15/0x20
[ 3250.192604]  task_work_run+0x1e8/0x2a0
[ 3250.196474]  ? task_work_cancel+0x240/0x240
[ 3250.201170]  ? copy_fd_bitmaps+0x210/0x210
[ 3250.205401]  exit_to_usermode_loop+0x318/0x380
[ 3250.210005]  ? __bpf_trace_sys_exit+0x30/0x30
[ 3250.214506]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3250.220100]  do_syscall_64+0x6be/0x820
[ 3250.224001]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3250.229388]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3250.234316]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3250.239296]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3250.244318]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3250.249361]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 3250.254378]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3250.259468]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3250.264683] RIP: 0033:0x410ff1
[ 3250.267909] Code: 8b 44 24 10 48 8b 4c 24 08 48 89 0c 24 89 44 24 08 48 8b 44 24 30 48 89 44 24 10 e8 b9 21 00 00 48 8b 44 24 30 48 89 44 24 58 <48> 8b 6c 24 38 48 83 c4 40 c3 48 8d 05 5c ee 48 00 48 89 04 24 48
[ 3250.286828] RSP: 002b:00007ffdccdb7160 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 3250.294519] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000410ff1
[ 3250.301820] RDX: 0000000000000000 RSI: 0000000000730590 RDI: 0000000000000008
[ 3250.309210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 3250.316463] R10: 00007ffdccdb7090 R11: 0000000000000293 R12: 0000000000000000
[ 3250.323929] R13: 0000000000000001 R14: 000000000000001e R15: 0000000000000005
[ 3250.331436] INFO: task syz-executor5:13464 blocked for more than 140 seconds.
[ 3250.338736]       Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3250.344529] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3250.352534] syz-executor5   D23824 13464  11973 0x00000004
[ 3250.358194] Call Trace:
[ 3250.360779]  __schedule+0x8cf/0x21d0
[ 3250.364475]  ? __sched_text_start+0x8/0x8
[ 3250.368637]  ? __switch_to_asm+0x34/0x70
[ 3250.372710]  ? __switch_to_asm+0x34/0x70
[ 3250.376800]  ? __switch_to_asm+0x40/0x70
[ 3250.380889]  ? schedule+0x108/0x460
[ 3250.384505]  ? bpf_prog_kallsyms_find+0xde/0x4a0
[ 3250.389290]  schedule+0xfe/0x460
[ 3250.392659]  ? __mutex_lock+0xafa/0x16f0
[ 3250.396745]  ? __schedule+0x21d0/0x21d0
[ 3250.400730]  ? kasan_check_read+0x11/0x20
[ 3250.404863]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 3250.409359]  ? do_raw_spin_trylock+0x270/0x270
[ 3250.413953]  ? __ww_mutex_add_waiter.part.15+0x120/0x120
[ 3250.419440]  ? mutex_destroy+0x200/0x200
[ 3250.423505]  schedule_preempt_disabled+0x13/0x20
[ 3250.428306]  __mutex_lock+0xaff/0x16f0
[ 3250.432197]  ? evdev_release+0xfe/0x1e0
[ 3250.436154]  ? mutex_trylock+0x2b0/0x2b0
[ 3250.440254]  ? save_stack+0xa9/0xd0
[ 3250.443904]  ? kasan_slab_free+0xe/0x10
[ 3250.447915]  ? kfree+0xcf/0x230
[ 3250.451195]  ? kvfree+0x61/0x70
[ 3250.454454]  ? evdev_release+0xf3/0x1e0
[ 3250.458860]  ? __fput+0x3bc/0xa70
[ 3250.462315]  ? ____fput+0x15/0x20
[ 3250.465747]  ? task_work_run+0x1e8/0x2a0
[ 3250.469852]  ? exit_to_usermode_loop+0x318/0x380
[ 3250.474632]  ? do_syscall_64+0x6be/0x820
[ 3250.478723]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3250.484102]  ? trace_hardirqs_off+0xb8/0x310
[ 3250.489138]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 3250.493547]  ? trace_hardirqs_on+0x310/0x310
[ 3250.497993]  ? synchronize_rcu_expedited+0xa0/0xa0
[ 3250.502925]  ? lock_downgrade+0x900/0x900
[ 3250.507097]  ? kfree_call_rcu+0x10/0x10
[ 3250.511072]  ? trace_hardirqs_off+0xb8/0x310
[ 3250.515497]  ? trace_hardirqs_on+0x310/0x310
[ 3250.519941]  ? debug_check_no_obj_freed+0x305/0x58d
[ 3250.524961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3250.530522]  ? check_preemption_disabled+0x48/0x200
[ 3250.535537]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.539877]  ? kvfree+0x61/0x70
[ 3250.543156]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3250.548280]  ? __kasan_slab_free+0x119/0x150
[ 3250.552687]  ? kvfree+0x61/0x70
[ 3250.555955]  mutex_lock_nested+0x16/0x20
[ 3250.560036]  ? mutex_lock_nested+0x16/0x20
[ 3250.564278]  evdev_release+0xfe/0x1e0
[ 3250.568122]  __fput+0x3bc/0xa70
[ 3250.571413]  ? evdev_detach_client+0x290/0x290
[ 3250.575975]  ? get_max_files+0x20/0x20
[ 3250.579892]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.584215]  ? kasan_check_read+0x11/0x20
[ 3250.588726]  ? task_work_run+0x1af/0x2a0
[ 3250.592787]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3250.597916]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3250.603456]  ? check_preemption_disabled+0x48/0x200
[ 3250.608494]  ____fput+0x15/0x20
[ 3250.611776]  task_work_run+0x1e8/0x2a0
[ 3250.615647]  ? task_work_cancel+0x240/0x240
[ 3250.619988]  ? cpumask_weight.constprop.5+0x3f/0x3f
[ 3250.625007]  exit_to_usermode_loop+0x318/0x380
[ 3250.629784]  ? __bpf_trace_sys_exit+0x30/0x30
[ 3250.634283]  ? ksys_ioctl+0x81/0xd0
[ 3250.637944]  do_syscall_64+0x6be/0x820
[ 3250.641833]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 3250.647231]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 3250.652171]  ? trace_hardirqs_on_caller+0x310/0x310
[ 3250.657217]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 3250.662244]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 3250.668930]  ? __switch_to_asm+0x40/0x70
[ 3250.673003]  ? __switch_to_asm+0x34/0x70
[ 3250.677089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 3250.681932]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 3250.687138] RIP: 0033:0x457519
[ 3250.690338] Code: Bad RIP value.
[ 3250.693680] RSP: 002b:00007f23445fdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3250.701418] RAX: ffffffffffffffea RBX: 0000000000000003 RCX: 0000000000457519
[ 3250.708717] RDX: 0000000020013000 RSI: 000000008040450a RDI: 0000000000000005
[ 3250.716020] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 3250.723702] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23445fe6d4
[ 3250.731005] R13: 00000000004bf390 R14: 00000000004cf190 R15: 00000000ffffffff
[ 3250.738310] INFO: lockdep is turned off.
[ 3250.742354] NMI backtrace for cpu 1
[ 3250.745963] CPU: 1 PID: 980 Comm: khungtaskd Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3250.753998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3250.763328] Call Trace:
[ 3250.765897]  dump_stack+0x244/0x3ab
[ 3250.769552]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3250.774764]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 3250.780284]  nmi_cpu_backtrace.cold.2+0x5c/0xa1
[ 3250.784986]  ? lapic_can_unplug_cpu.cold.27+0x3f/0x3f
[ 3250.790161]  nmi_trigger_cpumask_backtrace+0x1e8/0x22a
[ 3250.795421]  arch_trigger_cpumask_backtrace+0x14/0x20
[ 3250.800593]  watchdog+0xb39/0x1050
[ 3250.804117]  ? reset_hung_task_detector+0xd0/0xd0
[ 3250.808944]  ? __kthread_parkme+0xce/0x1a0
[ 3250.813164]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 3250.818255]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 3250.823341]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 3250.827904]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.832204]  ? kasan_check_read+0x11/0x20
[ 3250.836334]  ? __kthread_parkme+0xce/0x1a0
[ 3250.840549]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3250.845675]  ? preempt_schedule+0x4d/0x60
[ 3250.849813]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 3250.854935]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3250.860456]  ? __kthread_parkme+0xfb/0x1a0
[ 3250.864674]  ? reset_hung_task_detector+0xd0/0xd0
[ 3250.869515]  kthread+0x35a/0x440
[ 3250.872893]  ? kthread_stop+0x8f0/0x8f0
[ 3250.876846]  ret_from_fork+0x3a/0x50
[ 3250.880671] Sending NMI from CPU 1 to CPUs 0:
[ 3250.885221] NMI backtrace for cpu 0 skipped: idling at native_safe_halt+0x6/0x10
[ 3250.886541] Kernel panic - not syncing: hung_task: blocked tasks
[ 3250.898906] CPU: 1 PID: 980 Comm: khungtaskd Not tainted 4.19.0-rc7-next-20181011+ #92
[ 3250.906938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3250.916266] Call Trace:
[ 3250.918833]  dump_stack+0x244/0x3ab
[ 3250.922458]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 3250.927647]  panic+0x238/0x4e7
[ 3250.930821]  ? add_taint.cold.5+0x16/0x16
[ 3250.935174]  ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a
[ 3250.940607]  ? nmi_trigger_cpumask_backtrace+0x1f9/0x22a
[ 3250.946036]  ? nmi_trigger_cpumask_backtrace+0x1d1/0x22a
[ 3250.951468]  ? nmi_trigger_cpumask_backtrace+0x1c8/0x22a
[ 3250.956905]  watchdog+0xb4a/0x1050
[ 3250.960443]  ? reset_hung_task_detector+0xd0/0xd0
[ 3250.965267]  ? __kthread_parkme+0xce/0x1a0
[ 3250.969499]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 3250.974581]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 3250.979669]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 3250.984233]  ? trace_hardirqs_on+0xbd/0x310
[ 3250.988661]  ? kasan_check_read+0x11/0x20
[ 3250.992797]  ? __kthread_parkme+0xce/0x1a0
[ 3250.997016]  ? trace_hardirqs_off_caller+0x300/0x300
[ 3251.002101]  ? preempt_schedule+0x4d/0x60
[ 3251.006232]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 3251.011323]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 3251.016847]  ? __kthread_parkme+0xfb/0x1a0
[ 3251.021064]  ? reset_hung_task_detector+0xd0/0xd0
[ 3251.025886]  kthread+0x35a/0x440
[ 3251.029241]  ? kthread_stop+0x8f0/0x8f0
[ 3251.033198]  ret_from_fork+0x3a/0x50
[ 3251.037933] Kernel Offset: disabled
[ 3251.041556] Rebooting in 86400 seconds..