000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:54 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x2a8, 0x158, 0x98, 0x158, 0x98, 0x98, 0x1f0, 0x210, 0x210, 0x210, 0x1f0, 0x4, 0x0, {[{{@ip={@rand_addr, @remote, 0x0, 0x0, 'veth1_macvtap\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@connlabel={{0x28, 'connlabel\x00'}, {0x0, 0x2}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 'veth0_to_team\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000400)=0x1, 0x4)
connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
dup(r2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f00000004c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x7, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be8410f2802e944af80373be2666b665770173fbd1883303b6ac4749393ad08f139a68f00"}, 0xd8)
bind$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0xb01001f1}, 0x0)

09:55:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  168.383293] x_tables: duplicate underflow at hook 1
09:55:54 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37)
unlink(&(0x7f0000000080)='./file0\x00')
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, r1)

[  168.433287] x_tables: duplicate underflow at hook 2
09:55:54 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:55:54 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:54 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:54 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket(0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8}, 0x0)

[  168.669818] x_tables: duplicate underflow at hook 1
09:55:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:55:54 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:54 executing program 4:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000200))
timer_delete(0x0)

09:55:54 executing program 0:
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0)

09:55:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

[  168.953827] 9pnet: Insufficient options for proto=fd
09:55:55 executing program 5:
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=ANY=[], 0x38}}, 0x0)

09:55:55 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:55 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
bind(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[  169.227270] x_tables: duplicate underflow at hook 2
09:55:57 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:55:57 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

09:55:57 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}}, 0x0)

09:55:57 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:57 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37)
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r1)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup2(r2, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
truncate(&(0x7f00000000c0)='./file0\x00', 0x0)

09:55:57 executing program 5:
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8)
read(r0, &(0x7f00000002c0)=""/386, 0x182)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)

09:55:57 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

[  171.580346] 9pnet: Insufficient options for proto=fd
09:55:57 executing program 5:

09:55:57 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:55:57 executing program 4:

09:55:57 executing program 5:

[  171.670174] 9pnet: Insufficient options for proto=fd
09:55:57 executing program 1:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:00 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:00 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:00 executing program 5:

09:56:00 executing program 4:

09:56:00 executing program 1:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:00 executing program 0:

09:56:00 executing program 1:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:00 executing program 5:

09:56:00 executing program 4:

09:56:00 executing program 0:

09:56:00 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:00 executing program 1:
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:03 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:03 executing program 0:

09:56:03 executing program 4:

09:56:03 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:03 executing program 5:

09:56:03 executing program 1:
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:03 executing program 0:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)

09:56:03 executing program 5:
syz_emit_ethernet(0x5f, &(0x7f00000011c0)={@random="27d3d8c3a5f6", @local, @val, {@ipv6}}, 0x0)

09:56:03 executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:03 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f0000000000), 0x4)
bind(r0, &(0x7f0000000040)=@in={0x10, 0x2}, 0x10)

09:56:03 executing program 1:
mkdir(0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:03 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)

[  180.549835] NOHZ: local_softirq_pending 08
09:56:06 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
gettid()

09:56:06 executing program 0:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)

09:56:06 executing program 5:
r0 = socket(0x2, 0x10000001, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000140), 0x8c)

09:56:06 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f00000001c0)=ANY=[@ANYBLOB="181c", @ANYRES64], &(0x7f0000000280)=0x10b)

09:56:06 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)

09:56:06 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

09:56:06 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0)

[  180.732204] 9pnet: Insufficient options for proto=fd
09:56:06 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

09:56:06 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x107, &(0x7f0000000040), &(0x7f0000000080)=0x18)

09:56:06 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x2}, 0x1c)
r1 = dup2(r0, r0)
r2 = dup(r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x104, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

09:56:06 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

09:56:06 executing program 0:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
r2 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r3 = dup2(r2, r2)
r4 = fcntl$dupfd(r1, 0x0, r3)
sendmsg(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x100)

[  180.838693] 9pnet: Insufficient options for proto=fd
09:56:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
gettid()

09:56:09 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

09:56:09 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r0 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])

09:56:09 executing program 5:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1b, &(0x7f0000000040), 0x4)
bind(r0, &(0x7f0000000000)=@in={0x10, 0x2}, 0x10)

09:56:09 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
bind(r0, &(0x7f0000000000)=@in6={0x1c, 0x1c, 0x2}, 0x1c)

09:56:09 executing program 0:
r0 = semget$private(0x0, 0x4, 0x0)
semop(r0, &(0x7f0000000080)=[{0x1, 0x3, 0x1000}, {0x1, 0x4, 0x1800}, {0x3, 0x6, 0x3c00}, {0x3, 0x3, 0x1800}, {0x2, 0x1, 0x800}, {0x3, 0xfff9, 0x1c00}, {0x3, 0x678b, 0x1000}], 0x7)

09:56:09 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

[  183.782886] 9pnet: Insufficient options for proto=fd
09:56:09 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff})
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0)='B', 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup3(r4, r3, 0x0)
dup2(r3, r2)

09:56:09 executing program 5:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000200)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)

09:56:09 executing program 4:
perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000002b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000042, 0x0)

09:56:09 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:09 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

09:56:10 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
gettid()

09:56:10 executing program 5:
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer\x00', 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40045402, 0x0)

09:56:10 executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="25bca274769e620a2734fa0095e0612687ecb86a548802a902000000000000004e2f98b579a782d257146d0e0206e73ba8c63cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='test_dummy_encryption'])

09:56:10 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

09:56:10 executing program 4:
socketpair$unix(0x1, 0x100000000001, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r0, 0x0, r2, 0x0, 0x8ec0, 0x0)
close(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='clear_refs\x00')
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00')
sendfile(r3, r4, &(0x7f00000000c0)=0x9, 0xffff)

09:56:10 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  184.562422] ptrace attach of ""[9186] was attempted by "/root/syz-executor.2"[9188]
09:56:10 executing program 5:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff}, 0x6)
dup3(r0, r1, 0x0)

09:56:10 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)

[  184.621917] EXT4-fs (loop0): Test dummy encryption mount option ignored
[  184.629372] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
09:56:10 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0xffffffffffffffb5, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f00000003c0)=0x7fffffff, 0x4)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[], 0x2bcf)
recvmsg(r0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7115}, 0x0)

09:56:10 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

[  184.717753] EXT4-fs (loop0): Test dummy encryption mount option ignored
[  184.730441] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
09:56:10 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:10 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:11 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(0x0, 0x1000000000016)

09:56:11 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
fgetxattr(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="4feee7983d96a05b9f"], &(0x7f0000000c00)=""/139, 0x8b)
sendmmsg(0xffffffffffffffff, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="e0000000000000000100000001fcffffac46eb4e9a9124915a1c64b24f97a9967a9d48d72529b1f5403a752fbc1b4439193aad148fe140d50733b2051e55d64ec671335179e37f6baae1dddc1dfeae6ded223b2ead2e2f0eb3de6a3003c076c59cf44bb7a45155935a85f513ab97c142c616f052bb4949bee7c92a9293357ce08413534b346e90d99975f7606b1bda86f4bbfad02112236fbe4f5d403ac35a94d74472a5c683303601118dc208a7515f532c1bc1bed3d5b9d60aa274f310992527ccda8e84904dc47bc142a629c3c528968770f78836c80b77644739ae00000000010000000000000101000000080000d32326e006cf93fa51459f9b01fd04cb2e91da2d208683a8443ce88c6e62226f259df0a18a66da0ab0459efe6269f08be12f4758c73799da8ed6476f33893595bbdbc06772694ad0af86edb0d5de6e63fe9ca8bc145e7acfbe5aec75fb8166d7c9d81b9652ebe45deef96779215b5e50f6843caff9d31322c809e90cfa44069bdcc77953e9c6b9e6b1a8c76aeab93e705d3fc7831d42adc81f131e3d6cfb60c51f05bf317fa1e7a060146b3f5affc8b36c9bfde45c7f53158fffddd2c1faaa73707d4f63089eb14fa238dd7e2f6ada6a013e32d5ba04653eed72dac09e16f67c23505ec4d86efc645c000000000000600000000000000012010000020000001242599e9cef9ade2f89991d8e3c74209f6e251517b3dce7487342fa66287954334d4755057820f9054e69d26e0063bbb465a6f9b2892f56472a57e40730fb7fffcbed2e173b"], 0x520}}, {{&(0x7f0000000b80)=@ipx={0x4, 0x1, 0x7, "686a51ee29b3", 0x7}, 0x80, 0x0}}], 0x3, 0x40800)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x9}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)

09:56:11 executing program 0:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000000)=0xff, 0x4)

09:56:11 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:11 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:11 executing program 4:
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(0x0, 0x0)
fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[], 0x7b)
sendfile(r2, r2, &(0x7f0000000240), 0x7ffd)

[  185.447882] ptrace attach of ""[9246] was attempted by "/root/syz-executor.2"[9248]
09:56:11 executing program 0:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r0, &(0x7f0000000200)="1c0000001200050f0c1000000049b23e9b200a00080001c000000001", 0x1c, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvfrom$inet6(r0, &(0x7f0000000000)=""/114, 0xfffffffffffffd1b, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020001f", 0x7, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="58ad000010", 0x5, 0x0, 0x0, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='\x00', 0x10459, 0x800, 0x0, 0x4b6ae4f95a5de35b)

09:56:11 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

[  185.705634] netlink: 41344 bytes leftover after parsing attributes in process `syz-executor.0'.
09:56:11 executing program 4:

09:56:11 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:11 executing program 0:

09:56:11 executing program 4:

09:56:12 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(0x0, 0x1000000000016)

09:56:12 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c)
fgetxattr(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="4feee7983d96a05b9f"], &(0x7f0000000c00)=""/139, 0x8b)
sendmmsg(0xffffffffffffffff, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="e0000000000000000100000001fcffffac46eb4e9a9124915a1c64b24f97a9967a9d48d72529b1f5403a752fbc1b4439193aad148fe140d50733b2051e55d64ec671335179e37f6baae1dddc1dfeae6ded223b2ead2e2f0eb3de6a3003c076c59cf44bb7a45155935a85f513ab97c142c616f052bb4949bee7c92a9293357ce08413534b346e90d99975f7606b1bda86f4bbfad02112236fbe4f5d403ac35a94d74472a5c683303601118dc208a7515f532c1bc1bed3d5b9d60aa274f310992527ccda8e84904dc47bc142a629c3c528968770f78836c80b77644739ae00000000010000000000000101000000080000d32326e006cf93fa51459f9b01fd04cb2e91da2d208683a8443ce88c6e62226f259df0a18a66da0ab0459efe6269f08be12f4758c73799da8ed6476f33893595bbdbc06772694ad0af86edb0d5de6e63fe9ca8bc145e7acfbe5aec75fb8166d7c9d81b9652ebe45deef96779215b5e50f6843caff9d31322c809e90cfa44069bdcc77953e9c6b9e6b1a8c76aeab93e705d3fc7831d42adc81f131e3d6cfb60c51f05bf317fa1e7a060146b3f5affc8b36c9bfde45c7f53158fffddd2c1faaa73707d4f63089eb14fa238dd7e2f6ada6a013e32d5ba04653eed72dac09e16f67c23505ec4d86efc645c000000000000600000000000000012010000020000001242599e9cef9ade2f89991d8e3c74209f6e251517b3dce7487342fa66287954334d4755057820f9054e69d26e0063bbb465a6f9b2892f56472a57e40730fb7fffcbed2e173b"], 0x520}}, {{&(0x7f0000000b80)=@ipx={0x4, 0x1, 0x7, "686a51ee29b3", 0x7}, 0x80, 0x0}}], 0x3, 0x40800)
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3, 0x9}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)

09:56:12 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:12 executing program 4:

09:56:12 executing program 0:

[  186.333070] ptrace attach of ""[9303] was attempted by "/root/syz-executor.2"[9305]
09:56:12 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:12 executing program 4:

09:56:12 executing program 0:

09:56:12 executing program 4:

09:56:12 executing program 0:

09:56:12 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:12 executing program 4:

09:56:13 executing program 0:

[  187.167140] ptrace attach of ""[9379] was attempted by "/root/syz-executor.2"[9380]
09:56:13 executing program 5:

09:56:13 executing program 4:

09:56:13 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:13 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(0x0, 0x1000000000016)

09:56:13 executing program 0:

09:56:13 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:13 executing program 4:

09:56:13 executing program 0:

09:56:13 executing program 5:

09:56:13 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:13 executing program 0:

09:56:13 executing program 5:

09:56:13 executing program 4:

09:56:13 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:13 executing program 0:

09:56:14 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:14 executing program 5:

09:56:14 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x64}}, 0x0)

09:56:14 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:14 executing program 4:

09:56:14 executing program 0:

[  188.136697] ptrace attach of ""[9460] was attempted by "/root/syz-executor.2"[9462]
09:56:14 executing program 5:

09:56:14 executing program 0:

09:56:14 executing program 4:

09:56:14 executing program 5:

09:56:14 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:14 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x64}}, 0x0)

09:56:14 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:14 executing program 0:

09:56:14 executing program 4:

09:56:14 executing program 5:

09:56:14 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x64}}, 0x0)

09:56:14 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:15 executing program 0:

09:56:15 executing program 4:

09:56:15 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:15 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}]}]}, 0x74}}, 0x0)

09:56:15 executing program 5:

09:56:15 executing program 0:

09:56:15 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:15 executing program 4:

09:56:15 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}]}]}, 0x74}}, 0x0)

09:56:15 executing program 5:

09:56:15 executing program 0:

09:56:15 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="12000000"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:15 executing program 4:

09:56:15 executing program 5:

09:56:15 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}]}]}, 0x74}}, 0x0)

09:56:15 executing program 0:

09:56:15 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:15 executing program 4:

09:56:16 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:16 executing program 0:

09:56:16 executing program 5:

09:56:16 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:16 executing program 4:

09:56:16 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:16 executing program 5:

09:56:16 executing program 4:

09:56:16 executing program 0:

09:56:16 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:16 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0xc, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x70}}, 0x0)

09:56:16 executing program 5:

09:56:16 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:16 executing program 4:

09:56:16 executing program 0:

09:56:16 executing program 5:

09:56:16 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0xc, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x70}}, 0x0)

09:56:16 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:16 executing program 5:

09:56:17 executing program 4:

[  191.051912] 9pnet: Insufficient options for proto=fd
09:56:17 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "eaffffff090000000000000000000000000053"})
write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x35b)
r3 = syz_open_pts(r2, 0x0)
ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)={0x15, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000001000"})
ioctl$TCSETSW(r3, 0x5403, &(0x7f00000000c0)={0x0, 0x0, 0x1e00, 0x0, 0x0, "f9bb789b7f7f9a00"})

09:56:17 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="25bca2740a0000002734fa0095e0612687ecb86a548802a902000000020000000a00000079a782d2250000000206e73ba8f4952bedc6760253ef7378d97acd2985395aaa929f3b9aa94a122e0368b36e977b58615fcf48f73e95513fd0af8e54c274", 0x62, 0x400}], 0x0, &(0x7f0000000180))

09:56:17 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0xc, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x70}}, 0x0)

[  191.172309] EXT4-fs (loop5): invalid first ino: 4148744031
[  191.194124] 9pnet: Insufficient options for proto=fd
[  191.233036] EXT4-fs (loop5): invalid first ino: 4148744031
09:56:17 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:17 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'kw(tnepres)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="7fa7bc1b3b00020000dffecea6adfc88", 0x10}], 0x1}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)

09:56:17 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x6c}}, 0x0)

09:56:17 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:17 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "eaffffff090000000000000000000000000053"})
write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[], 0x35b)
r3 = syz_open_pts(r2, 0x0)
ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)={0x15, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000001000"})
ioctl$TCSETSW(r3, 0x5403, &(0x7f00000000c0)={0x0, 0x0, 0x10000000, 0x0, 0x0, "f9bb789b7f7f9a00"})

09:56:17 executing program 0:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x6)
r2 = socket$inet6(0xa, 0x6, 0x6b)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x44050, r2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0000001c008102e00f80ecdb67b9f207c804a00d00000088000afb0a0002000a0ada1b40d805000300c50083b8", 0x2e}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
r4 = socket$caif_stream(0x25, 0x1, 0x3)
recvfrom(r4, &(0x7f0000000540)=""/193, 0xc1, 0x0, &(0x7f0000000300)=@generic={0x23, "c7c922dadda26b10eabfb583c7874a53089d0e513804e38152748669e0d05955719940672e1679bc596b94377c914e9b8975db07bf2fe3bb148d6d30bf08764edf564fe7d95e7cd5e035ac4754c0b11b1950e0a3326e8b5ab608bbfd3ce8885d46b14531b842e389e7aa15482ee6dbe75129d5082a445127edafad1879e9"}, 0x55)
r5 = socket(0x18, 0x5, 0x6)
recvmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000900)=@nl=@proc, 0x80, &(0x7f0000000240)=[{&(0x7f0000000980)=""/40, 0x28}, {&(0x7f00000009c0)=""/132, 0x84}, {&(0x7f0000001a80)=""/4097, 0x1001}, {&(0x7f0000000380)=""/107, 0x6b}, {&(0x7f0000000640)=""/250, 0xfa}], 0x5, &(0x7f0000000140)=""/134, 0x86}, 0x2)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000100)=0x7, 0x4)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080), 0x4)
setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10)
r6 = accept(r0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0)
setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000400)='veth0_virt_wifi\x00', 0x10)
sendmmsg(r1, &(0x7f000000a080)=[{{0x0, 0x0, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, 0x0, 0x0, 0x1}}], 0x1, 0x0)

09:56:17 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x6c}}, 0x0)

09:56:17 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  191.867533] 9pnet: Insufficient options for proto=fd
[  191.876146] audit: type=1400 audit(1595584577.784:14): avc:  denied  { create } for  pid=9750 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
09:56:17 executing program 5:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2909302060400000000010800090039", 0x1d}], 0x1}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
splice(r0, 0x0, r2, 0x0, 0x10007, 0x0)

[  191.962130] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
09:56:17 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:17 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x6c}}, 0x0)

09:56:17 executing program 4:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xcc, 0xcc, 0x5, [@union={0x0, 0x5, 0x0, 0x5, 0x0, 0x0, [{}, {}, {}, {}, {}]}, @restrict, @struct={0x0, 0x8, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}]}, @func]}, {0x0, [0x0, 0x0, 0x0]}}, 0x0, 0xe9}, 0x20)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x33)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  192.005935] audit: type=1400 audit(1595584577.904:15): avc:  denied  { name_connect } for  pid=9750 comm="syz-executor.0" dest=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
[  192.062296] audit: type=1400 audit(1595584577.974:16): avc:  denied  { name_bind } for  pid=9750 comm="syz-executor.0" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1
[  192.112118] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  192.139141] audit: type=1400 audit(1595584577.974:17): avc:  denied  { node_bind } for  pid=9750 comm="syz-executor.0" src=20000 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1
[  192.200651] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(136921882301430) <= P.seqno(0) <= S.SWH(136921882301504)) and (P.ackno exists or LAWL(23366287541469) <= P.ackno(23366287541470) <= S.AWH(23366287541470), sending SYNC...
[  192.249480] dccp_close: ABORT with 1063 bytes unread
09:56:18 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:18 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:18 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x1, 0x9}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000002bc0)=[{{0x0, 0x0, 0x0}, 0x1de5}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x10001, 0xb)
sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000680)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000580)={0xe0, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x64, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x10}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x19}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7f}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3a45}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@rand_addr=0x64010101}]}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x41}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x38}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0xe0}, 0x1, 0x0, 0x0, 0x40880}, 0x400c080)
sendmsg(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="da6c8f075b405999761290334dbeb74ac7ab55392edcde6788f174d006f8a85c14cba7464b8e649e18e2e06eba09ee216d54e2a0debc21d1de9f294b02fa9b5a7daae7db90ae086a93622c61dbead8319693ab49cdff3a"], 0x78}, 0x4880)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x26)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$DRM_IOCTL_UNLOCK(0xffffffffffffffff, 0x4008642b, &(0x7f00000000c0)={0x0, 0x39})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
ioctl$KDSKBSENT(r2, 0x4b49, &(0x7f0000000340)={0xa0, "119ce8c6e82332df8b6709347291df52457dbe50f80f3aa06748b2b65fcd3fd21dbeb9b2fc1ad35ae66ced05d630ec1da0bd9f22b58a756ddccbe1ed033b8d12fdabac9e60055722e75cf1fcaab70463e40747eded99895922270d46a606808ae66c41a9ed996b83b76b32ae3507aef3ead1874b1f3ab4ba53ec3299a974f7dd6df0088f994474e815da52f49a6603d1b3949110853f245577d4b239c8cd189b32ea05d4255d0c0894ae765b23ecdcb013912ef6fb7fa901cec2fe3aa51122ea64bdc82ca221dcdac7a48ea49d60c5ce21b52bff414a27a423d713a2001b2e09e8a0307fa14bf3a6e36b2ad4d2240eab7f3be0b9641096ac79082b22d9777d00000000f37094b9405d0ea6e357a43e9ce60478c318b88fd39b13a2e3cd9270d55dcc3dc7f5bda406c65a5bfae968192ad4fa5c1a08d18df0d322cda3c0cb20de007f8cf1ec6770a7b3b948bad34183f6f092aaa102088171379c3b80860195977917b5e5fa37173bcbee6fd8e7787087cdd708be56644a13b692e333277cd2032f21af4b7cb5da34ad627672737fda475cd401c92e1fa42daea4af04aa44855ce112da161d8cf28a1279be0a3da52f08434b2fd5d0531e6ea12c55826dc16835c9b8859da8a782ad6640e615874fc7468b31777d8c94b3888bcca57de3c9719e304d30bd622334419eb8c05bd4b0fe301ea78cd21b5700"})
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/snmp\x00')
preadv(r4, &(0x7f00000017c0), 0x375, 0x0)

09:56:18 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:18 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:18 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000001c0)=""/109, &(0x7f0000000240)=0x6d)

09:56:18 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_elf64(r0, &(0x7f0000000400)=ANY=[], 0x1)
setsockopt$sock_int(r1, 0x1, 0x200000010, &(0x7f00000000c0)=0x1, 0x4)
write$binfmt_elf32(r0, &(0x7f0000000600)=ANY=[], 0x1)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f0000002a80)=""/95, 0x5f}], 0x1}}], 0x400000000000170, 0x0, 0x0)

09:56:18 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

[  192.970084] IPVS: length: 109 != 24
[  193.030651] IPVS: length: 109 != 24
09:56:21 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x3, 0x300)
socket$kcm(0x2, 0x1000000000000002, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
socket$kcm(0x2, 0x1000000000000005, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000001740)=""/102389}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
socket$kcm(0x10, 0x2, 0x10)
syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/pid\x00')
socket$kcm(0x10, 0x2, 0x10)
socket$kcm(0x10, 0x2, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
socket$kcm(0x29, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001580)='memory.swap.current\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0xb, &(0x7f0000000000)=r1, 0x4)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080))

09:56:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:21 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r1, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xfffffffffffffee0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
r2 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

09:56:21 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000002c0)='ip6tnl0\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

09:56:21 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

09:56:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

09:56:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

09:56:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0)

[  195.418112] *** Guest State ***
[  195.429993] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  195.458225] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  195.478311] CR3 = 0x0000000000000000
[  195.498108] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  195.504977] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  195.516617] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  195.523955] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  195.538417] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  195.549886] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  195.558246] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  195.567908] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  195.576590] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  195.584827] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  195.593032] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  195.601217] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  195.609371] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  195.617374] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  195.623921] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  195.631474] Interruptibility = 00000000  ActivityState = 00000000
[  195.638018] *** Host State ***
[  195.641355] RIP = 0xffffffff811affaf  RSP = 0xffff88804935f8c0
[  195.647350] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  195.653820] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  195.661790] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  195.667679] CR0=0000000080050033 CR3=00000000845c4000 CR4=00000000001426e0
[  195.674860] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  195.681719] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  195.687781] *** Control State ***
[  195.691919] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  195.698604] EntryControls=0000d1ff ExitControls=002fefff
[  195.704211] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  195.711221] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  195.717892] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  195.724605]         reason=80000021 qualification=0000000000000000
[  195.731005] IDTVectoring: info=00000000 errcode=00000000
[  195.736445] TSC Offset = 0xffffff956f7e0399
[  195.740893] TPR Threshold = 0x00
[  195.744267] EPT pointer = 0x000000009e45f01e
[  195.748677] Virtual processor ID = 0x0001
09:56:21 executing program 0:
syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/pid\x00')

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:21 executing program 5:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x7, 0x0, 0x0, 0x3f}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000140))
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000300)='.\x00', 0xfe)
r2 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0)
write$nbd(r2, &(0x7f00000000c0)=ANY=[], 0x1)
sendfile(0xffffffffffffffff, r2, &(0x7f0000000200), 0xaa4)
perf_event_open(&(0x7f0000000280)={0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = open(&(0x7f0000000480)='./bus\x00', 0x50042, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x4000000000010044)

09:56:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])

09:56:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:21 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:21 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:21 executing program 0:
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f000001a740)=""/102363}, 0x20)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f0, &(0x7f0000000080))

[  196.062047] 9pnet: Insufficient options for proto=fd
09:56:22 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x50}}, 0x0)

09:56:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])

[  196.155207] *** Guest State ***
[  196.169386] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:56:22 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

09:56:22 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x7}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
inotify_init()
r0 = open(0x0, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000200), 0xaa4)
perf_event_open(&(0x7f0000000280)={0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000480)='./bus\x00', 0x50042, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x4000000000010044)

09:56:22 executing program 5:

[  196.223912] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  196.264546] 9pnet: Insufficient options for proto=fd
[  196.283911] CR3 = 0x0000000000000000
[  196.308508] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:56:22 executing program 5:

09:56:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])

09:56:22 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

[  196.360613] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  196.392419] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  196.436276] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  196.444396] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.457658] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.465779] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.492136] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.502133] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.508531] 9pnet: Insufficient options for proto=fd
[  196.514015] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  196.525720] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  196.541379] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  196.555690] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  196.566462] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  196.573611] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  196.581715] Interruptibility = 00000000  ActivityState = 00000000
[  196.587964] *** Host State ***
[  196.592278] RIP = 0xffffffff811affaf  RSP = 0xffff88804960f8c0
[  196.598283] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  196.607073] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  196.615688] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  196.622476] CR0=0000000080050033 CR3=00000000a64b3000 CR4=00000000001426e0
[  196.630310] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  196.636996] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  196.644363] *** Control State ***
[  196.647841] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  196.655720] EntryControls=0000d1ff ExitControls=002fefff
[  196.662540] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  196.673250] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  196.682464] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
09:56:22 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  196.689909]         reason=80000021 qualification=0000000000000000
[  196.696382] IDTVectoring: info=00000000 errcode=00000000
[  196.702898] TSC Offset = 0xffffff950b202c7c
[  196.707831] TPR Threshold = 0x00
[  196.711421] EPT pointer = 0x000000008492f01e
[  196.715851] Virtual processor ID = 0x0001
[  196.813242] *** Guest State ***
[  196.816935] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  196.825942] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  196.835360] CR3 = 0x0000000000000000
[  196.839144] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  196.845115] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  196.852252] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
09:56:22 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:22 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x7}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
inotify_init()
r0 = open(0x0, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000200), 0xaa4)
perf_event_open(&(0x7f0000000280)={0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000480)='./bus\x00', 0x50042, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x4000000000010044)

09:56:22 executing program 5:

09:56:22 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x68}}, 0x0)

09:56:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX])

[  196.864166] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  196.900496] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  196.939437] 9pnet: Insufficient options for proto=fd
09:56:22 executing program 5:

09:56:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX])

09:56:22 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

[  197.007315] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.018256] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.029040] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.037566] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.045728] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  197.053809] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  197.061900] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  197.069987] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  197.077967] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  197.084493] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  197.092047] Interruptibility = 00000000  ActivityState = 00000000
[  197.098284] *** Host State ***
[  197.101582] RIP = 0xffffffff811affaf  RSP = 0xffff88804830f8c0
[  197.107572] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  197.114095] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  197.122009] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  197.127918] CR0=0000000080050033 CR3=0000000084bf5000 CR4=00000000001426e0
[  197.135031] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  197.142154] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  197.145234] 9pnet: Insufficient options for proto=fd
[  197.148214] *** Control State ***
[  197.148225] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  197.148233] EntryControls=0000d1ff ExitControls=002fefff
[  197.148248] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  197.148257] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  197.148265] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  197.148273]         reason=80000021 qualification=0000000000000000
[  197.148280] IDTVectoring: info=00000000 errcode=00000000
[  197.148285] TSC Offset = 0xffffff94b0977f00
09:56:23 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

09:56:23 executing program 5:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @local}}}, 0x48)

[  197.148295] TPR Threshold = 0x00
09:56:23 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x7}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
inotify_init()
r0 = open(0x0, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000200), 0xaa4)
perf_event_open(&(0x7f0000000280)={0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000480)='./bus\x00', 0x50042, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x4000000000010044)

[  197.244270] EPT pointer = 0x00000000907fa01e
[  197.251632] Virtual processor ID = 0x0001
[  197.334745] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
09:56:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  197.585779] *** Guest State ***
[  197.600060] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  197.611296] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  197.620718] CR3 = 0x0000000000000000
[  197.624621] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  197.631079] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  197.637519] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  197.645221] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  197.654392] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.663393] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.672004] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.680618] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.688606] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  197.697602] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  197.706497] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  197.715304] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  197.724133] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  197.732720] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  197.740880] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  197.748341] Interruptibility = 00000000  ActivityState = 00000000
[  197.755364] *** Host State ***
[  197.758567] RIP = 0xffffffff811affaf  RSP = 0xffff88804e2ef8c0
[  197.765400] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  197.772354] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  197.780691] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  197.786578] CR0=0000000080050033 CR3=0000000084bf5000 CR4=00000000001426f0
[  197.794431] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  197.801710] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  197.807893] *** Control State ***
[  197.812443] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  197.819766] EntryControls=0000d1ff ExitControls=002fefff
[  197.825226] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  197.834016] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  197.841303] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  197.847879]         reason=80000021 qualification=0000000000000000
[  197.855185] IDTVectoring: info=00000000 errcode=00000000
[  197.861258] TSC Offset = 0xffffff9447679c9c
[  197.865574] TPR Threshold = 0x00
[  197.870003] EPT pointer = 0x000000008490a01e
[  197.874419] Virtual processor ID = 0x0001
09:56:25 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x60, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x60}}, 0x0)

09:56:25 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX])

09:56:25 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x0, 0x0, 0x7}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
inotify_init()
r0 = open(0x0, 0x0, 0x0)
sendfile(r0, r0, &(0x7f0000000200), 0xaa4)
perf_event_open(&(0x7f0000000280)={0x1, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000480)='./bus\x00', 0x50042, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x4000000000010044)

09:56:25 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x800000271})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40086602, &(0x7f0000000200))

09:56:25 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:25 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  199.937912] 9pnet: Insufficient options for proto=fd
09:56:25 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2])

09:56:25 executing program 3:

[  200.046584] 9pnet: Insufficient options for proto=fd
09:56:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2])

09:56:26 executing program 3:

[  200.131286] 9pnet: Insufficient options for proto=fd
09:56:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2])

09:56:26 executing program 0:

[  200.165315] *** Guest State ***
[  200.179686] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:56:26 executing program 5:

[  200.236854] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  200.265545] CR3 = 0x0000000000000000
[  200.281001] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:56:26 executing program 3:

[  200.287807] 9pnet: Insufficient options for proto=fd
09:56:26 executing program 0:

09:56:26 executing program 5:

[  200.308395] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  200.338461] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  200.372725] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  200.407716] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  200.424387] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  200.433336] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  200.447576] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  200.456237] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  200.465329] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  200.474061] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  200.486775] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  200.495832] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  200.504657] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  200.511723] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  200.520404] Interruptibility = 00000000  ActivityState = 00000000
[  200.526921] *** Host State ***
[  200.531282] RIP = 0xffffffff811affaf  RSP = 0xffff88808c5a78c0
[  200.537536] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  200.545285] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  200.554551] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  200.561152] CR0=0000000080050033 CR3=00000000883fe000 CR4=00000000001426e0
[  200.568204] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  200.575723] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  200.582484] *** Control State ***
[  200.585946] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  200.593467] EntryControls=0000d1ff ExitControls=002fefff
[  200.599574] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  200.606511] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  200.614371] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  200.621640]         reason=80000021 qualification=0000000000000000
[  200.627975] IDTVectoring: info=00000000 errcode=00000000
[  200.634339] TSC Offset = 0xffffff92e4895258
[  200.638662] TPR Threshold = 0x00
[  200.642853] EPT pointer = 0x000000009132401e
[  200.647491] Virtual processor ID = 0x0001
09:56:28 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:28 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2])

09:56:28 executing program 3:

09:56:28 executing program 0:

09:56:28 executing program 5:

09:56:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:28 executing program 3:

09:56:28 executing program 5:

[  203.011495] 9pnet: Insufficient options for proto=fd
09:56:28 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="0207000702"], 0x10}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001280)=ANY=[@ANYBLOB="020a000007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001b00)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

09:56:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2])

[  203.078602] *** Guest State ***
[  203.093574] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:56:29 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r1, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r2 = dup2(r1, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8)
r3 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r4 = dup2(r3, r3)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f00000016c0)={0x1, [<r5=>0x0]}, &(0x7f0000001700)=0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x102, &(0x7f0000000140)={r5}, &(0x7f0000000200)=0x8)

09:56:29 executing program 5:

[  203.120102] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  203.154832] CR3 = 0x0000000000000000
[  203.155923] 9pnet: Insufficient options for proto=fd
[  203.162558] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  203.170501] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  203.183102] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  203.198568] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  203.213922] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  203.235484] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  203.259813] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  203.268487] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  203.292877] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  203.326226] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  203.345360] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  203.377222] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  203.392560] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  203.403351] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  203.421560] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  203.429209] Interruptibility = 00000000  ActivityState = 00000000
[  203.435567] *** Host State ***
[  203.439286] RIP = 0xffffffff811affaf  RSP = 0xffff888044e9f8c0
[  203.445406] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  203.453959] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  203.461911] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  203.467934] CR0=0000000080050033 CR3=00000000a9258000 CR4=00000000001426e0
[  203.475162] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  203.482010] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  203.488151] *** Control State ***
[  203.491857] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  203.498613] EntryControls=0000d1ff ExitControls=002fefff
[  203.504251] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  203.511525] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  203.518293] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  203.525023]         reason=80000021 qualification=0000000000000000
[  203.531516] IDTVectoring: info=00000000 errcode=00000000
[  203.537052] TSC Offset = 0xffffff9155e4adaf
[  203.541523] TPR Threshold = 0x00
[  203.544973] EPT pointer = 0x000000009f89b01e
[  203.549538] Virtual processor ID = 0x0001
09:56:31 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:31 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2])

09:56:31 executing program 5:

09:56:31 executing program 3:

09:56:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:31 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:32 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x18, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MAXIP={0x8}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x7c}}, 0x0)

09:56:32 executing program 5 (fault-call:1 fault-nth:0):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  206.088998] 9pnet: Insufficient options for proto=fd
09:56:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', @ANYRESHEX=r2])

[  206.116165] FAULT_INJECTION: forcing a failure.
[  206.116165] name failslab, interval 1, probability 0, space 0, times 1
[  206.143845] *** Guest State ***
[  206.164752] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  206.192410] CPU: 0 PID: 10218 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  206.200347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  206.209717] Call Trace:
[  206.212323]  dump_stack+0x1fc/0x2fe
[  206.214527] 9pnet: Insufficient options for proto=fd
[  206.215972]  should_fail.cold+0xa/0x14
[  206.215993]  ? setup_fault_attr+0x200/0x200
[  206.216008]  ? lock_acquire+0x170/0x3c0
[  206.216034]  __should_failslab+0x115/0x180
[  206.237531]  should_failslab+0x5/0xf
[  206.241267]  kmem_cache_alloc_node+0x245/0x3b0
[  206.245875]  __alloc_skb+0x71/0x560
[  206.249533]  netlink_sendmsg+0x9ee/0xc40
[  206.253640]  ? nlmsg_notify+0x1a0/0x1a0
[  206.257635]  ? kernel_recvmsg+0x220/0x220
[  206.261813]  ? nlmsg_notify+0x1a0/0x1a0
[  206.265805]  sock_sendmsg+0xc3/0x120
[  206.269539]  ___sys_sendmsg+0x7bb/0x8e0
[  206.273529]  ? check_preemption_disabled+0x41/0x280
[  206.278564]  ? copy_msghdr_from_user+0x440/0x440
[  206.283345]  ? __fget+0x32f/0x510
[  206.286828]  ? lock_downgrade+0x720/0x720
[  206.290997]  ? check_preemption_disabled+0x41/0x280
[  206.296033]  ? check_preemption_disabled+0x41/0x280
[  206.301204]  ? __fget+0x356/0x510
[  206.304703]  ? do_dup2+0x450/0x450
[  206.308260]  ? lock_downgrade+0x720/0x720
[  206.312431]  ? vfs_write+0x3d7/0x540
[  206.316160]  ? __fdget+0x1d0/0x230
[  206.319703]  __x64_sys_sendmsg+0x132/0x220
[  206.323939]  ? __sys_sendmsg+0x1b0/0x1b0
[  206.327992]  ? vfs_write+0x393/0x540
[  206.331703]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  206.336452]  ? trace_hardirqs_off_caller+0x69/0x210
[  206.341457]  ? do_syscall_64+0x21/0x620
[  206.345457]  do_syscall_64+0xf9/0x620
[  206.349252]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  206.354428] RIP: 0033:0x45c1f9
[  206.357608] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  206.376514] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.384209] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
[  206.391467] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  206.398734] RBP: 00007fb1664fbca0 R08: 0000000000000000 R09: 0000000000000000
[  206.405995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
09:56:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', @ANYRESHEX=r2])

[  206.413251] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
[  206.466676] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  206.487194] CR3 = 0x0000000000000000
[  206.491801] 9pnet: Insufficient options for proto=fd
[  206.497627] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  206.505935] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:56:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', @ANYRESHEX=r2])

[  206.513314] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  206.527018] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  206.545667] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  206.574610] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  206.584374] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  206.602422] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  206.616453] 9pnet: Insufficient options for proto=fd
[  206.617293] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  206.640937] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
09:56:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2])

[  206.667377] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  206.715043] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  206.731111] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  206.741875] 9pnet: Insufficient options for proto=fd
[  206.753218] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  206.768695] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  206.788856] Interruptibility = 00000000  ActivityState = 00000000
[  206.815949] *** Host State ***
[  206.826987] RIP = 0xffffffff811affaf  RSP = 0xffff888054e178c0
[  206.841347] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  206.867643] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  206.882710] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  206.906672] CR0=0000000080050033 CR3=000000008bd4d000 CR4=00000000001426f0
[  206.922719] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  206.930359] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  206.944505] *** Control State ***
[  206.951310] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  206.964099] EntryControls=0000d1ff ExitControls=002fefff
[  206.971018] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  206.978114] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  206.986666] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  206.994259]         reason=80000021 qualification=0000000000000000
[  207.001618] IDTVectoring: info=00000000 errcode=00000000
[  207.007247] TSC Offset = 0xffffff8fb1028880
[  207.013159] TPR Threshold = 0x00
[  207.016744] EPT pointer = 0x00000000a0cc701e
[  207.022012] Virtual processor ID = 0x0001
09:56:34 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:34 executing program 5 (fault-call:1 fault-nth:1):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:34 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2])

09:56:34 executing program 0:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[], 0x8a)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0, [], 0x4, 0x6})
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0)
pipe(0x0)
mmap(&(0x7f000007e000/0x3000)=nil, 0x3000, 0x0, 0x10, r0, 0x0)
r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fallocate(r2, 0x0, 0x40000, 0x4)
fcntl$setstatus(r0, 0x4, 0x6100)
connect$unix(0xffffffffffffffff, &(0x7f0000000900)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8994, &(0x7f0000000240)={'ip6_vti0\x00', @ifru_data=&(0x7f0000000180)="112079602d052ba53836cd62a1be882b9935b0ca974031c3c5be9f725f97986b"})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000100)=ANY=[], 0x87ffffc)
sendmsg$ETHTOOL_MSG_EEE_SET(r2, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB="d0070000", @ANYRES16=0x0, @ANYBLOB="050025bd7000ffdbdf25180000002800018008000100", @ANYRES32=0x0, @ANYBLOB="14000200766c616e31000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="05000600010000000500050000000000d80402800800020009000000c20004000c335da39127e0de82966ca5e67c81d1268f3d5f75ba937e47f9d73daebdc99fe2a60952e3df95abd67ff875ba7c9fe4bc0759a0955ed809fed4b25b532ae5543fd555100a4236ae3b65886fbcb0559470ad134898ebbd6ed54b12c8927f3a51f99b3ff4aa8cb2782314357421b7d95074dfa82b40cea943ce6d47792b126c9632e62243730c26b586ca6ad15aa52f5ab3801914070e55495cd9f1a735fa508991f66c319017f448f1bdfc0cc8d189d38d73a93363736db689d032f3e376000008000200030000000800020039a600009c0004003518a556b9c0f52b94a72c5d12b1255f792c2a281eddce0fdd18c82d71568ec653741a46f32f4453c4b0b17d56159a078c7d513239e2873f6d3571d3212d851674de1c0012c59513b46bd7cbfbb2358e549b7795472a465391a739f17a27b199a579dad1f51ca0f0c53854cc16f962b547a826d7ebfaa6a262e9ce7751da043a25172587d964c5d31f17b98b70f8885bd9affda7b99945c9fc0003800c000180050002000000000014000180080001000300000004000300040003000c00018008000100aa000000440001800400030008000200242c2c000800010004000000040003000800010003000000080001008000000004000300040003000d0002006970365f767469300000000024000180040003000d0002006970365f767469300000000005000200000000000400030064000180080001000300000004000300040003000d0002006970365f767469300000000008000100040000000d0002006970365f767469300000000008000100030000000e000200295b2d5e405c2340210000000d0002006970365f7674693000000000f0000400ac658239287074e03bc36a8ca1ed8c9902d3cc2a2dad5851d29f99b667508ebc89c034d95ec5ea34de6f957f91bdca9f737b8af742e39a92ad58cdd3f66f532e235162f7f179be5e935948f58cdd287ef4375754bb796f65f43aafee1b6f498b5d7e8235054390d6dd4943b23913403e2adbebc0e1f61cbbe4bc17d50af2ebb60acbd5a9bc8e7cfa8b595ff2b80838ab84a6ca36879e47a0bdc8a23c78bfb662f0c75cace3dd85146ed137fbc4357bda91d3989c9bdbf0cd62dd59b01bacfb7b292cfceee8abf50c8cf913d3a83f86997660e48af3cf89ebc50dee9a3fbe114195008cff1069a27b48dd7aa9700103804c000180040003000d0002006970365f76746930000000000800010090381d5504000300080001007c000000060002002400000008000100080000000500020000000000080001000300000014000180040003000700020040260000040003005400018007000200262800000800010003000000060002002100000004000300080001005206000008000100090000000d0002006970365f767469300000000004000300080001000500000008000100ffffffff4000018008000100ff00000004000300080001000100000008000100018000000800010057540000080001000300000008000100f300000008000100020000004400018004000300040003000d0002006970365f76746930000000000400030004000300080001009df700000d0002006970365f767469300000000008000100ff7f000014000180060002002c0000000800010000000000180001800a0002002b2b2e5e400000000800010080000000080001800400030005000600010000001800028008000200ffffff7f0a0005000e40cfee82dc000008000700000100000c0002800800020099300000500202805e000500a5c4956594e18b97d7f414237bab3291d6297a6747f27f01a310e2ae6f01e8a5c387759cd510bd2940b26bc959348259021f2e8f8663d7264fe233159310a81c83778f6599ceff8696810e492ca55e7c29b9b9cd75d53aaf4137000072000400b2c98e7e0c6f529a323b7c975069a1a77eb483b70ba99c3622466400f490848224019f618fca36c1f040f885fa9a44aee79be81e4aa4c4ef0c3fc090463cba6fdca033e26b72d847c633533daed02655520f531cf4bfe0b306e5fa43cd17e4af9f9bd2da3c128214c85c9a4aa20900007c00040016668562a76f0a35ff8ab681c88e88ff2c8deb0997802f13931e4ee6928022acba67f0333e6e8fca146682d2ab1113275d1ce3bc3ba2fe0c1045c8e637e0db05e752c03c5b8a1d399bc53b3b54ff0f3c42ff1d07ed070ea40022a651ba69c5008ef8894cc4facce1111c66eedd82f05f9438f9cd265e8275fa00050021bae765d04ade2b80bff0641c943d88c801c8d0ae140a515f415cff95356b90e73c4a6e5458231e0f9daad934c511d7bf0bfd5e60e2ce5ce9a74534ba4cf6dd9ff136e964c9e78e7791577db02ac0758a25e29a0072db6fd749b4a700e9be9c9b619f051814b3f3e2419679d5313770148e565ac037f11e91f618c1189d209a3d09412c685622f61d0c1c7075c87a753e27092fc6ef58680ce1950cf152828f329d4954e0626d6d2ddbd11d6e0f3c9ffd7ce5e907fef139a745290a924dffdc6ad3319aa3e1402ca8e1cac92760020a8a46a48d6203e411b805bda768133aa3051d7d12ee9fe395e47bcb4710fca8ea7d4d16de99840000280001801400020076657468305f746f5f68737200000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x7d0}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000010)
getsockopt$packet_buf(r2, 0x107, 0x2, &(0x7f0000000000)=""/92, &(0x7f0000000080)=0x5c)

09:56:34 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001040)={0x0, 0xb2, [], [@calipso={0x7, 0x10, {0x0, 0x2, 0x0, 0x0, [0x0]}}, @pad1, @generic={0x0, 0xc9, "959b894b6d938f0815b4a6d940a39192906c6a3dd6729b75456aa9cd7349de89c4954cc78e2cdb4f1c2a71c8ca7fa8b380c6116e25bb840adf68f044bc783a00d9a28c92d7d2efd3b145b529889789ed392fe9135f0442fdb0931c4cd4941a044281caeaa71fc81f9ed73b49e58a6f9a48f76589e8a6050e14b8f7e645f66b6f683cb53d9e078a693c9b953f074d040a53697f970318ce3786a3b782969b97735335227e36505a8881801017ea1abfa3faa134efe03d679f7978ce85005be4edb3a7be533817e564a3"}, @generic={0x0, 0x4ae, "f3ab268d02d7e9479f73cf5d3b0159bf5f73b29aa700f27a3d0dbf0248bc34697a537cbb5753de96f1bd7d050962b8b8c00148cc6422bd1b92f643a9925f9102ff1d126ee4691fb618337a664fe97407c0423a99bf2fb381c340942617c1fbf5d8d40114e1a87044c02b909f9c956f9e7d4492fa4d91956800aac5e6b4ce773dbedea67454945a950faed4112fa5f1e5992747cfd194f5e05c3fca18ddf3959e17def552989ccc2cf31731fcdc261b3ff6c2878e5ea9327e46630a5ef312e195a1c2a9e114af1289cfd5716bd2cf6f2165a19b25fa7e2b07dee411f9ea31cbf7ae2c1a053ea03a613f457fb5953f141d024ea60c3432a4c0539239e3a56aa2b8f7db810fc10965c74f671e68a7d868d81e39f2894253fb33970c4c6a269968326542999e1c334ae69196312492a67295baac21a6c80c36f56f5ef7bedc8424257fbf2526cec435b78d725ae1dedb1512f3876cdee8c17014ed0c266f0dfa4068b94ae080629e7f6ba7ee84afd817ea8136419c976a857e85f39ff037fdf387301a716e2cc4a073ce690ba13e4d988686186655855341f74fcba998bba555e7b1b514bf0d5fa93f5fbc2bc6d5062fbb560f7bc0f49c6c9f60faf497d5f33e5ae8ca962fb26accd222c8c0d292d2eceb92e6120250b082da4d656ab6557d79d538000ff7d4f318f73950b6e34091eed1cbe1ad85d4bd1906a61db14e9c7fbdabc5a448fb950bc6ccc6ecb7d191037f474578e1137b25d473f13c799f67bdea311ba40ecc846abac60cd7e1067c5c6063f715607f800bcf04b92d365d51962f73ef59eb40039319f19b0b6249ef6b787d73fceef5b46c7b45f08ae63e4bbe934409be1a156fb6d2090f88bc69627166b99fdc6be487805419bd7867f1cc6b0c8165d4b3fcf3ea481c6f4370a4f999b5ac4831623ed24e81bc05c5adb5349edf9a86a42bd539ee72f71083460fe7a51a5ca7f4efad7f3c132b03a05052de970225942b118fa29c0db05f8c8a94336b62dcd72d5d917d430035d2cc8da687614a29aa708c8656e40b17eafc3a7be5fa6e5f6f5f47dec968e8f853781acfc034278ce8a9d7001e718946f9bd4ead2ac29afda1872cd65a3e3d44122af715c5a4e515e90722c2282a375d43c6aee571372d0c97bd4034c70296c2a4f1e8dbf1ae285811242f66be21453044ffadecf290ab4d753d00f8753637da442d4545ee5a0e31744f7efdb7bdd1429457a84ee624276b6343b1a457c2b105a01bd42790fbda991fe2750901bbcb3baa53a98b8373dea13c11f659c500213e8cce3b2f807dbeda2b0756880c9783394977208f930fb4f28e0d100abdfb5f87e51ca9b51de1e58315f2d46f101ebc7fd3f224002af681835cd5c7a8f9271b92a4fe7cc29127f292f6499b89551eb6ce9ede6eccf41fe7d04211c612da98dc5be39394f5213ae22014841f553e72a848b47e3ef0d6f0ef7e9b636acb9d8b10ea40ee5424a0691c83c738b6de412710600dd2fd89e8b18f77fbfc0a7273aa0584c3ad7d0462eb0d650ca7b41427dff9cf125bd4286de07ff33abeaa0323d827eb4df54d496cb03b70f2be3995033c02fec6fcffd6496ea254aa5563f9228b31c37f0df6100cd155430f710f350e1288bedc82225183f15ed1ae7f62f614d0bf8468e1b0fa22b3e7cdfb2751f9ecdef1bc4aee172a9bf9fb"}]}, 0x598)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x10)
write$binfmt_elf32(r0, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58)

09:56:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  209.100195] FAULT_INJECTION: forcing a failure.
[  209.100195] name failslab, interval 1, probability 0, space 0, times 0
[  209.107238] 9pnet: Insufficient options for proto=fd
[  209.131246] audit: type=1800 audit(1595584595.044:18): pid=10303 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16126 res=0
[  209.174283] CPU: 0 PID: 10305 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  209.182553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  209.191919] Call Trace:
[  209.194528]  dump_stack+0x1fc/0x2fe
[  209.198186]  should_fail.cold+0xa/0x14
[  209.202097]  ? setup_fault_attr+0x200/0x200
[  209.206444]  ? lock_acquire+0x170/0x3c0
[  209.210439]  __should_failslab+0x115/0x180
[  209.214011] audit: type=1800 audit(1595584595.044:19): pid=10303 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16126 res=0
[  209.214777]  should_failslab+0x5/0xf
[  209.214795]  kmem_cache_alloc_node_trace+0x244/0x3b0
[  209.214815]  __kmalloc_node_track_caller+0x38/0x70
[  209.247967]  __alloc_skb+0xae/0x560
[  209.251622]  netlink_sendmsg+0x9ee/0xc40
[  209.255710]  ? nlmsg_notify+0x1a0/0x1a0
[  209.259708]  ? kernel_recvmsg+0x220/0x220
[  209.263884]  ? nlmsg_notify+0x1a0/0x1a0
[  209.267880]  sock_sendmsg+0xc3/0x120
[  209.271614]  ___sys_sendmsg+0x7bb/0x8e0
[  209.275613]  ? check_preemption_disabled+0x41/0x280
[  209.280664]  ? copy_msghdr_from_user+0x440/0x440
[  209.285432]  ? __fget+0x32f/0x510
[  209.288902]  ? lock_downgrade+0x720/0x720
[  209.293052]  ? check_preemption_disabled+0x41/0x280
[  209.298084]  ? check_preemption_disabled+0x41/0x280
[  209.303122]  ? __fget+0x356/0x510
[  209.306600]  ? do_dup2+0x450/0x450
[  209.310162]  ? lock_downgrade+0x720/0x720
[  209.314321]  ? vfs_write+0x3d7/0x540
[  209.318048]  ? __fdget+0x1d0/0x230
[  209.321604]  __x64_sys_sendmsg+0x132/0x220
[  209.325956]  ? __sys_sendmsg+0x1b0/0x1b0
[  209.330026]  ? vfs_write+0x393/0x540
[  209.333768]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.338528]  ? trace_hardirqs_off_caller+0x69/0x210
[  209.343561]  ? do_syscall_64+0x21/0x620
[  209.348601]  do_syscall_64+0xf9/0x620
[  209.349917] audit: type=1400 audit(1595584595.214:20): avc:  denied  { write } for  pid=10321 comm="syz-executor.3" name="net" dev="proc" ino=36410 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
[  209.352420]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.352433] RIP: 0033:0x45c1f9
[  209.352449] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.380503] audit: type=1400 audit(1595584595.224:21): avc:  denied  { add_name } for  pid=10321 comm="syz-executor.3" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir permissive=1
09:56:35 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x401, 0x400000008d}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x103042, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, &(0x7f0000000040)={0x0, 0x8, 0x7})
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x40, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pipe2$9p(&(0x7f0000000d40)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_any='access=any'}]}})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x4001, 0x3, 0x2c8, 0x160, 0x0, 0x148, 0x0, 0x148, 0x230, 0x240, 0x240, 0x230, 0x240, 0x3, 0x0, {[{{@ip={@local, @local, 0x0, 0x0, 'ip6gretap0\x00', 'bond_slave_1\x00'}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'macvtap0\x00', {0x6a, 0x0, 0x0, 0x0, 0x0, 0xec, 0x7}}}, @common=@addrtype={{0x30, 'addrtype\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
sendmsg(r2, &(0x7f0000000480)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x3, @local, 0x7, 0x4}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000380)="82b8891af6038769380bcb62d9a10ee12b0c5b3012cfff804608f370b6fa775a5c48f5ff16e08405023fd49e6aefb9fd62f78de02e6029e84e4bacdba82619afdbd4c89a2e4d0506ae60c370b591f86fca77e299b28501ccfde12005833ea8df24e3c11b86c1ee2fdfa31c688d557dadaabb6f36f355b31e54fea86dd1712ead56f70db39d6d7929d0296b9e2ef116aba6fe3833f18f84b6b04cc9ec363e6ec7ab2fb16913f21fe0b32217ccab222994b44348d5c700846db3a7767a23c5fa836384549adf8571c239990d12996461daa4cd0ca503f383", 0xd7}, {&(0x7f0000000280)}], 0x2, &(0x7f0000000d80)=ANY=[@ANYBLOB="c80000000000000000000000ffffffffc793eeed14af203ff6b2c19aecbcde367db0616874fd2e487e16cec70147fb543ce15397bafe67c75514de5f08d735f16b2c348feffc53a586e0e159692d92ecc2740d949d4f49dd199d9dc7f63ec1fa0139d58b272cd6e099ad930fba3eb7908f8904866c363253e14cd1b4ea3bee07f1e5216f1743a4c4831602d00295afb7f9ff5fb636502db3d3cc5c9d5f49ed9e486d56a331e032d7b6fb80b532385c8a097c441f32d4e4b839122b0b975cee8e1943dc4f00000000d000000000000000170100001f000000cd5abcf5dc01e31498d38cce3720a4d7c7abeda9bb472f66eb021c31e7f44c81c28e5f23bc2a8cf8f870006aa255935692a19387da34202b9d25d498811f64a3db91c4df0cd2d5d34f7070ec9eaf889d7737497fe6847998219065479cb8babf578334a0105322120a9a9d8fb631279e70a56fa91567a922378c073413262c3399d9fea6bd9d524ab23a7e4fd293febb5861a3feaa48f548154d8f2c4bacef0dc4ee7013f9efd7069102c1852e9bf2daa75b3427af01ea769cb714d2395700003800000000000000ff00000000000000181df58841c4ce48c40c98c31711f5fabf78d04f2069f19e9b47fe179f77a144cde0d3a1ac44cba0d000000000000000840000000b000000c9d2c6b2a2d94c654a187012268bf702925c061d4a35be43445ecc8ab32c9eeac11474997f1eb9b6ba6a644f76c599dc535a1cf00b9debb7985ae37a0aa3700112e971798d7176fd7005c61c71fec4674b5a6ce9f8acfbee4068e18e691b2027596aabd1b27fe5af8340144ba28477d84c1586d86980c804cfc05693fc94b9ed21ccee2bc708c6a6674977eec86fe43f4a6a55e24f52cc21a0bc24298c51d327291047c54f464eb7adca88ecfbd7e77be929e26cbe2556e4112737551c5fca00500000000000000011000000c60300008a7a171da96e495ac2b1fbf9e3bd3f2d09fa775fb6d4b190bcd1a0361261ee0f985c40c68ee164f3d870d2254376573af260f08edf64d45a29ed7b540e174498d80000000000000018010000080000004863a8eedcf328295bfa974113ff1ca9ebf49471119f5710cafd33aeb3bd07d5c1ea96ed421b4af77acb15afe5256c50bd1e8c7d131c8c36af085d00788abc69c1af6412a0153c088d17513f183943b5a2d8ef247c7962f5e95748fd41737ca028a0f7b2a6ff4ebfb55fcc99964966c9a3852e5bb94e03fdfe5c42b52380cd5a90a0da877415149d07655eaf0e30741331d9f4758f7399fd3e71d6b2aebffd98c6343c2762aa7c601f8333a3e93af0f3c66737333941f0b9ef80f4f4c860d42ba40956000000000010100000000000000e0100001600000058b8963607f26787494af2b48f09f25fd04a7e08a9035c27898b727def28e14884cb141b7de83db3e61e29d23e7cb65e142b55f98ee04faeecf812e94d5623a1aab3fe4e17f5111eb29dbe668ad80bb46d0305896cd118285fea66254d4e0405ed616138310ffb1d982610e04fce1b5428a20f43ca5b275cf578da24b31a6309cf0cc8d424c6a1330a1f73575c636e02f8e636bbaf30a601dfab6cbd97c0913556e30b5b021dc5e79b09b9e989a2e652813cdf11d6c3f274fe1045b42eb0f2435800a6a1a4e613d80453c0ca9807dd70017241d604f88fb92597dc8283603ee24749755072052ef3386c98ba7b52bab8f795288ec636d5a9a6104de31f90699ad10c52cebe026fb0d1f99598b8f13400e2f875bb5f94443bae735a3a7adf5041177e1406f4a4db44a272b555e9ae4e382d95f34c7199480777b3481901fa77aa4d3a421e3a185b66cb96675b440f081f9a8d703e7b20ef887e687270f746aaabea8064f399052d58eeedcbcb1826bed62b31d7b8732470ebab778ae53b79bb96a936ba53dc6375e616f030b3dc4bdeac6d77fba4c84df0fc2da2618756790d5af68c58475b064070ff135a1f7a9e955320edd14d774c143fb3b1b89e0ff5f3a4700db9f22e62f9a17d5c11bd3eea19b4f3bc1346b6e0efa1ef5692d904dcbc7f48f196bd4f67ee78116d951df5000167833ffc1c50c1c4e45305052f04e21b5e3d25f1e1dcca33d406e9c57063ecebf93bac93c7e3d29f77162fa8a3c82d0466d9d76e042ff89182ad852508f97777167654a577b17104fac7d6159f8fdaa114a065c92d8e615337886ba71179d6251cb3a40a7b1e06aa0a900e6c093e78d060d731c37830e3a839d3701d017ae9a67af569890df7f62cb6e3616bbbf3fa6f43a2404c54a1b0d7560ad549c861f2d8d0c2fe2f49342b1261df28da7d0a00ed885f6bc6129ad96ca29aec08eb5f622d7b5dfc16c519732fa05a6538a86e7ea383b48126025d7269ac66c492086d2a4a1b478051834e55beef1a5780c4d8a2f3e8c0bb91380d5713f9c063adee3c73deb4657ead46edf668cd247d2b2cde8736584b8e9bfe3915a860ed0cee8ed1ea349d9a1d37c7a4cf3f31e44b9df320563043fae14d37aef7aaa4cad6fa41aaa59d06d91aad72fdbeb2b71a8907a969385abf5feba4187ddf653d66609191f24a9298a9c8f39063640bf947d54fc7a1e370f7280672c87e8eb77c0325a724fb7378b3594cec220c741f57ad2eaa97e0ca2abef90a707eb2d23ace2999b6556941339cd8958cbdeee9b74f0953ee4bc2d99d250b041d69618f92ddf747831f8d131f8815d0a941338a62ea0a0c5cff320a0e18fbc1efafca46cb1d8e263151cf2d55ceb48c3a9926cd5e1524f0a9ce8228c1f35102d32de7c33cd5e04a0b5d10b64e6060bc605a85fd54419b22ea046749cdd541bec6084d2d6667e07f9da5ca74da56451cdc124a4e555c12a6abfd84c58fa4aa5410662a9e70bc8ef509dcde3a0b23000d2803189d989afa5cafff1d6624e5f76fd7fddaeb37c324b0a7fda96aa0ddfe5b07f5d942c3b8426b8f95730ea8d0be9ba9d05b973811e30d46b3b38cdcaca4bccd559b1d06ceabacc96f51ffd9518bc7511b1b9ef7ccdcd237a40e58e1a0129e8221efb7cc02a53e39462f0a55d301a2c31b1e41203fbbb1646821e8f651ca15803c700c9923ec6351c1975e74f7b9d948d925dbc4365a280ed7e9d984038185cfe7a5f6fdaf7ef9e2244c3e70f70e00e1db4afe2368ea6eb90bc05af983f2814b0759f9251cfdbac7165dfd3faecc26cffa34f1a0ef2da40d4a6795c42bd15783df7c7ccec1cd19270b236ef78fd86c1f3a84b3fabc20a4ae1828cfe0d624fcd75ebbe88e8b140fbae27ed123cbde9146355b2b9759fda84bec72fc1b8a64a5b6c5f342b95b404fdc8585dfc2ec6c995a400b82a3b1c531fa6180a7ab42eef6634e9f9ac81d5d81006609e4d0d78ef1f47c4d46c1d0a5a6ed7315ef06b26b38394fd9cd551155e47ba0dc6917408bb7b7ff0054f4336236cf2b90c1a3ff9cf532267f2a3b68150a78064b92e01e573cdefeca28889d4993884c340f11cd44a6fb554e4432716405bfefa213977e0ef20382b9dfc52649354e4c657fdb498c9bbdcfc4024e2dbcd8b97ce45d8004880febad97ebd61d6381d955297d85547f7568028496dcabfb8aa3405475adc0edc1064d2647995ce8fe6af639783cab1c12054607e3c81fadca723141e9c231d8f829bf22f8be6ed51f6cca98cd3283883feccb33af6d337be8acb3363fd15c482bad03f35aaa99dadef5a7f95f35080948aca48f60deb557702f7f260f4c5596fe5c8ded10575713665ddea11407d0e5b6f50c19e5e0bc2d55a50bd93ad5fd224336133a10907ac2fce2250b7d46169c93ac9041c40d379ff2cb43393892629a45c58ebdb83b1f755bbd2c93283f84db2592791bd0f6344a1202da4c0e619c9496c216f345110f449ba9ce4883b4aa1d9014f23986e16a65827c7d57bb53ddeb50b6dc11e54209de2041db65daae4b1a084b5bb9310ec381b44371b39d743f2ec74f8ddd48cc36d30a618c19d9782f45bca8ac4424f71855cb23b735a9704bacfded50452b4cb38d66d5338c3b6db5b3230082b84714bb299d36cac7d77cfeaa573920bdd39e9ad789321349fb6ba2b3cb0b2a7fc11c78b302ea1915f0ef0d7428823158891dff590689574e07e671526e5c18767b9b6b66cd48dcb0c4e0e6622bec5038b03ede6479411807f4c43aa3d8092a56f46cd1ca9e826704ce69b2b0f7d4b812e476d26899544ceae47b8058fd94642886d598a076c2c71063ffcd76d0a1e0bfdda19cdb378518c952c1cdd5cee59be3485766f4bf3c86375fc44061d49015472eba44a135ad0c3ffabaf0d21e7636064d4d571357278d6d45f90688f906168442ce575609017881c56bb9e5291c9dd210ba313c92fa04a0b1578722493f628c0a4b404ea317883710f3fde669cdb2529358088b47e3ba910d40f5c59ed0976e8f65783d02f25f484d2cfb741259beb7997e9a257bc98788f7bb5864ba193271191d05761ef82392529b0b207a6f8a1421a9cac9cb37ca411138be697b2e7f1034e9708bd397e1aae34868254ef71f00a5e3bac6102c7858d8510d6551dbfc85018d47afbf457bc73ad772fb5c9b6319f19acd4398187b5b373a127eb58a827580dee9fffe5563db1834e4836bddbbc5a099cff181425f529e50e3110be220ac74c21963d6e547037e7661d30e64d1d9546659376d78e645d15c553697ac34ee426cc3b3d184bbb5accad52b1b7222e77b77186959e44d87e262ff4fa74010e3e320fecce5604287545b7417363c79e86e75b1c2ca216e448beedf4d9d46df97949c3729cd22489540585afd11fa8ac87d52e62c8074a5fdbc8c5ac3c4a0370784d051a48608e360012701140c665e57683173d09ad52ecd029d47090dcab4b560d436319fffc306aec6ece26afee6c725ef120dc19d5fb926e1f3bf5f6eb5f29e40bb43f9247673c37b04d9717b5bbea17941499ad85b6bb6484c9b7e8df4ec36f0f3d3ccef678241a88c80dbcd01fd10eb44b648db0628bcff960f70bc156b037efd4833994a5417d8f3bc1a36381419458db8e63de9166c302658a7c676b64f27cef28bb963cac052b553cafcd5bbc4da0c3a7598951fb57a41a5cdfb32ff88175350ef71ad9f48af37cd344323593a4a14be086b98a24c95bd48a74b83a7a3b216e66fd66068ff7bc0fdc4d34d2ce5ecb08f505a908e8f46e05304277ecd97d5a9f02df9f56b68767184e0627347c1b50ce49e8ba994b788494a546ef368a3a98016e8220c3ec0ff84b1d6c01c470d68607e145990d146a48c8ab3026c762c9d2d150021e6ace6225606191e264f713965360d80ac6d2e1be0bef2a4ec74dca7f05f42bd6aad07c268c60a08a2159600babf0b973078bb001207af5bde35e78177174e2985e9712525e4078fbcbb4fbe450e75abf123a5243e449817bb3aa260f54cfe610424eddf2c83f40adf67501d6a660b06149a04d2d16ade4c725599adda0b8fd974ae5399fdad8288c0d2995709d4934ec44cf02cc043b055f0981c54aeeaa3"], 0x1480}, 0x804)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r4=>0x0}, &(0x7f00000000c0)=0xc)
setresgid(0x0, 0x0, r4)
setgid(r4)

[  209.383499] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.383514] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
[  209.383522] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  209.383531] RBP: 00007fb1664fbca0 R08: 0000000000000000 R09: 0000000000000000
[  209.383538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.383551] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
09:56:35 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2])

[  209.408162] audit: type=1400 audit(1595584595.224:22): avc:  denied  { create } for  pid=10321 comm="syz-executor.3" name="pfkey" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:kernel_t:s0 tclass=file permissive=1
[  209.500529] xt_hashlimit: overflow, rate too high: 0
09:56:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  209.633257] 9pnet: Insufficient options for proto=fd
09:56:35 executing program 5 (fault-call:1 fault-nth:2):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:35 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

[  209.706840] FAULT_INJECTION: forcing a failure.
[  209.706840] name failslab, interval 1, probability 0, space 0, times 0
[  209.770318] CPU: 0 PID: 10344 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  209.778243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  209.787610] Call Trace:
[  209.790225]  dump_stack+0x1fc/0x2fe
[  209.793872]  should_fail.cold+0xa/0x14
[  209.797778]  ? setup_fault_attr+0x200/0x200
[  209.802134]  ? lock_downgrade+0x720/0x720
[  209.806291]  ? check_preemption_disabled+0x41/0x280
[  209.811329]  __should_failslab+0x115/0x180
[  209.815582]  should_failslab+0x5/0xf
[  209.819305]  kmem_cache_alloc+0x3f/0x370
[  209.823385]  skb_clone+0x151/0x3d0
[  209.826943]  netlink_deliver_tap+0x955/0xb00
[  209.831380]  netlink_unicast+0x545/0x690
[  209.835455]  ? netlink_sendskb+0x110/0x110
[  209.839711]  netlink_sendmsg+0x6bb/0xc40
[  209.843798]  ? nlmsg_notify+0x1a0/0x1a0
[  209.847798]  ? kernel_recvmsg+0x220/0x220
[  209.851981]  ? nlmsg_notify+0x1a0/0x1a0
[  209.855976]  sock_sendmsg+0xc3/0x120
[  209.859760]  ___sys_sendmsg+0x7bb/0x8e0
[  209.863837]  ? check_preemption_disabled+0x41/0x280
[  209.868872]  ? copy_msghdr_from_user+0x440/0x440
[  209.873657]  ? __fget+0x32f/0x510
[  209.882174]  ? lock_downgrade+0x720/0x720
[  209.886346]  ? check_preemption_disabled+0x41/0x280
[  209.891386]  ? check_preemption_disabled+0x41/0x280
[  209.896428]  ? __fget+0x356/0x510
[  209.899911]  ? do_dup2+0x450/0x450
[  209.903461]  ? lock_downgrade+0x720/0x720
[  209.907626]  ? vfs_write+0x3d7/0x540
[  209.911350]  ? __fdget+0x1d0/0x230
[  209.914903]  __x64_sys_sendmsg+0x132/0x220
[  209.919155]  ? __sys_sendmsg+0x1b0/0x1b0
[  209.923223]  ? vfs_write+0x393/0x540
[  209.924066] 9pnet: Insufficient options for proto=fd
[  209.926952]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  209.936790]  ? trace_hardirqs_off_caller+0x69/0x210
[  209.941828]  ? do_syscall_64+0x21/0x620
[  209.945828]  do_syscall_64+0xf9/0x620
[  209.949647]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  209.954844] RIP: 0033:0x45c1f9
[  209.958043] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  209.977300] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.985027] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
[  209.992312] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  209.999595] RBP: 00007fb1664fbca0 R08: 0000000000000000 R09: 0000000000000000
[  210.006878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  210.014168] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
09:56:35 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

[  210.086117] 9pnet: Insufficient options for proto=fd
09:56:38 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:38 executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x420000015001})
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @loopback}})
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0xc0000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
timerfd_settime(r4, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x77359400}}, &(0x7f0000000280))
sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000006c2c94265af8f9d0c58f625fa64c567f8a81b519010000c2b9311d1cacf647ce9ed2c4", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fddbdf251b0000000500920004000000060021006200000007002100626200000400cc000400cc000500920001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x20008800)
write$tun(r0, &(0x7f0000000680)={@void, @val, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "a5c268", 0x1298, 0x3a, 0xff, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc]}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, [{0x5, 0x19, "e5fb000005005357cd99e33bca98e246dc9027eb3334ea443e7fdc4049b892d54090878bee496aa11e07fb0f1db1a0ebe2f95347b0317613063381165c01f08fea1048ea59a6f2273e02707fdd7defc02bde3192360593169594710bddd04aead6c89c87778555de42d23236534ba1a799a63eb4532003a703b249e4628e4706bccc7a264ee85014d99a7fd4565d3c416c835a741eb4e97140e834013724d23450072f0087ac65295ca0d7c601c30de0161560e2d20c5b1052e9b208e25470e9fa884ecd2082ec38b3cb19c083"}, {0x0, 0x1b, "14a142ef59c04e8e7b4db5309006bd98ec79847a52ed68124e8a24d3079fc53b81c039a7d59f992dcb481043f510a0ce1ebb98c07a624ff8c8cc0b4fd3b8e700196d1f5696e184393de669ffaebfbd494a9d6a5fedac0738ffc3dcb3c1b96e48fd063786ae5701f6aa5022621e665607848e20f162630df96d0a773993e97ae6b847e51883d73d66bb30b4375229cfd0c9c41f511bfbf2bca94caa7ce76be257173a4eae2b484117ac32acf6ea1a32def26c919c93055c2f9a640b2d847d527357902538828abd66b3d1a9b85034066154f0b2ec054f6a8712ec98e5"}, {0x0, 0x1f, "8cf0833ae2772f05d302c778833be4f2b9c43c83284b82e71ca1ee382af46513079a2f52da08c93afdfc1a18e4b677b307a1c7df90787cbd143b129bc8dbc39104eb21674d26fd4ced8626df256869e168d42f4d160ad1442cae2bd8fda0fc44a08759d245bfe8eba42ec7967c1e953256a057369159333bca73b498a882fb5e840d429804169a6446c1d1b013144ae0ee276a463ef69ea4c4636751083041811c9b549256c6a3a71e451f8fd4de25629b3de61cba78315412fa14e350bb03feaf63909bd7320561df80bc77f36d4561a5efcc324450355ed398d9e46e798e23e2a4a2c787728b9c549a1894c53dcdfe834c7785fb3c4331"}, {0x0, 0x3, "6598975984c98199c07565e33783bc472344c2fc4e6a32"}, {0x0, 0x1f8, "631c74c9d1ae5f26763e689d7358d52b9d78e1af1392b0a090488b19cbc96370f62d48c23e1427c05acd9c3b3f073a763d782618ff1eec26b515a9b327cbc17f30d83b25eb0642880dfa19be7390bfd822af60a6c50ca6e86b5a7a713194fb7fd8d6fbabab53a0be384d6197ec95d58387c3c60474093fafe7b973081f27ecda4197fda48a1f93aef6f2fe0790ee4c44b9311e6a55f85e9a53c1b9d12d9b586d5e9c0f98d3d6f5e215a0392bc0f0747ce75347ce29eea158c0f1ff30ecf208af154508b0c1f57d03d6e884937b7d84b3170624b4ebb76df8681493b4ff2f5cb6ab9fc4745569c2105f1eef9e9e3b7f10aa79b3746d194b78719295ce4ca9a520a08a67241d6770b93eb3a0b12e0ae16886e6a6312f858009dfc6736efec7498718a3c84b37267e49860fcf486442c2f06179672b3a6d1afac32246207723f9f43a7afc4e63820609c8a44dd4a88cdec819602a152eb4403f842712fd75ea44c779e98ff01f41caba247ef6434df425ff6bf93d49d1a8a08e455f2d86ff55773d57b611dd0e464d6b5e139271a91c6c8c629b694364730a38ddbe897a252620a2e41167afc48833290e0859615328f9dd7ba13514af6e3b3ca4e6514d400ad062a3519a85c4c79265bc284308602e73254a6ad85e76649c9b48f6785971a0e01ff0fe22de2c1c0b7ff27cf7e46f022d0b1a3c3a9ba65bcba1901c95e20ce39c24ff76acf7c4a3771e114a760448dbcd88c54351ee97a903c554564866eefb0964b5fe6ba26e73b64273c3f5d8079620cd509a3d88c19d09b5cc4256f38d263e105a94cfd44305e8c2755f90fd580628f0550268c95a1193362c265e0025ebdb42e58e2afcc38edbb77eedc486564a16e2405a99a382cfe15b03b097c10cb1651c2cb4bc7c5df969fb5ce19a6c8d3accb5b67dcf11fcfb6c028107c6b93c6a9b9c659dc05549a6fb1732f67cfc0ae5fe425245b72dbb6a719f83887a8af64ea8d1b3764ce0684f2d748a057d3ee3158d58266a560f8e04777a1f303163304d08b5bd470f627e0a13928e46fd0847bde599510e6978d68bb75f40ac4e247fc8708ca82ad40e729c3de042c94756d3816083784644d5e666fb3810117a62f7508ae3cdcdf312e314acd9add8e9c3e473ae206bd9b25659db6c1f570777f408644dcc6d150e92f284ad68d4bbe1f52e0c36e88a0d083dee8f7d59540b2ddda7fd27c97abc268630cbcad1e9cdd88c0a075462288bbf59824497ba7df15bc34d9fd22f8508a6d1c90118676ad3f9fc03cea1c69594dff6e978f42d1da2011290872e062fb2cc3293030534a6cedb6f461b33b5fd90b2ee0a8ae6803f45f4f2e74fac772ce235d66e8625951d7acbc87f1c4e13cbf0c01e8909de72d3b78b7d945b53e50f38486556dc6fd58db1a1da7f9cda6b50278a73d58842f15117c0232e6860caaab9be2d010ab4c5689a0ea14d78a5ec2dde3e837cadd8e1c794168860a4e303d513cc099d79cbb7605419db906a76d44ea62c6a767fb0f5cf25325a63c4939e1e8eb8df73645b5e9c4eebe6f736706708a8b0b5eebe263d846a9dedd9cb30365f3605cde065ae8fa4cb1075b87485ec0ccbabbe3033901e273234c688136c0960932e2ecd38870b7e72ca635a6e6d23cac391686fd2b7e5aac1c6862242dffc5a656922fbd23a6a8cae9f5a19b8778409987b26442739325b05ce005b215d1843278d767de541646d03cb4a3cfe32ecd2c686b8a550e12945b53bd87ae4387bc7876d1d17f3043a536e2319b760100963de494461c3dff0dc546ade451a393f08107cd419d1a075e7ce14cb082dabb30f61e67a9772aa384ee22505f0f54a58637abea7d3aa2263e744d2f99deefc0a6e2c225b0e14f3eae792b74a289920331b5d08aa748a123e3ccd2e7918495de5ad88068f6a2bc49c0bea736aaf68c21991ddb622522c9e6907ccc0716f394fa97da40beb33db9dbea01e2d07c6425853baffdd8ed2dc0d3ef710f518393634d7e312ea87093957de12f667d2c7a73ada38d95583ec1c3b8ba18bb6f592592a690a63a257b2792c8e75b98b46584082f240301facf10ef823003392d908af8386a403810fbb14a0bf56c9c718ea0e2eb8f478974fb9beb74bfc3fb13fa71babce0fa67e57950c2022dc5580b4a0e66740bc2f11dd4866f786bfb8c4b0fa78cf36d0baff865e0051dfbadcc0fc1bb4a4d89544375500bd08c8b219aba4213e081549239847b1b11cf51a72c26654f0d40b42b69178377ee9819b896c36e70304705aa6d1de33b77b6456fdf05de27813089e6bb5089a1ff02c361a8cc0e35454eff7d06033d02b0e66fd1d542115523c25bc49aea964ff93fe12bafabe723c16a6f9e669540e83d2dd64296b59dccdd553659bf15eec6598f32dfddd5f08380f4382e88e4441135abff53f7990c0c38f8a9f103082bd6009d059852f44bbdd2d8fbeebee4fe0822d205534fa1bec74b8e41ad2314f4742201f32202c21875731f87b86e1062270a3620dc3c5d4818618063379c97a29cf76acd17caf996d186a70d8385655048299538c8eb91fd25891125e5d317d6ca064bee38526fdfb4da1769e1bfddda5e1e64e7eeef125895ab9cf9db641b03ab5ec70633e8b79c665fa37e98cfbf23b176fc6d60668b25020420c81d77bebb0d32c63326bc9f88a8d2c226a85e54d7a44583e0f5b1f7cb52dacb769b57834ddf38ef5abd017f20f115daa51dea5bcbd58ea7a90ca042357927032040291dedf20c20eab92a384a23ab282db6c2a5c89b001a4dea0688cc7ca51a120390be070e07c618cb6b0e8c9106c0d2eabfb645e5b1fa9ef878df5861431e78e9c7ac12ceec025304a4d3351204c9bf7045a3b889f20321599f3f4c9c23169d1d10ace235dfb44edc3b9582dacef2269d5d07bf4555eec665dc307daef0aaaa0f7e44764fda59a861e67c1ce55de3515df6cec910c5fbb87aa9e100c290696ef366bb69b5d2de38d2f2d99413428c9761b0dd6bc5bd8c9c5e4f22c5f2ea5b666fa694359339d2e7e9ab6622b205713c7815edaeb01b2e63ff267e4ad2f66c267a2dae50a830d0b58bb0041bbbe43f6da01fd29e6fae8a8676d366ce2e31d9f61e257dd3ba7da8504fd00eb265c02cbd9d5e1c4955b85190c9bf085fdb54350ee9074c57c7add37bf6a614be01bba4871816ddc0c7e47797ee0d7c53b06352957dd546063f1593263e945ff319dba2bcef8f18844fecb244e9ca42a012774b137e86346a021934d30f2f8fb2cd906b45260154ce17d1cf1836654791bbd378f329a588ddcfd26b87296a17fe5077ec9968f47c4ca921dface81395435873af808472eb42eb12b92dbb4cc26683e21811cd13d8d273fbf3aa75204af1f593a5b423f9537a63308a945757d5f44c99e7eeebc506ec5f28729bd38b988babc33b570f8feca7a50c0966c66f063324fa504de647f7fc7f1d18bf94ae0899b758ee0ad1bb238dfd26a4ce6f3e7fdd1dd1b062b5cd493f4aa6eb08c6cb0510c696983a254c09197c1bfb784d5947a1329d7add6d3ddef0ad4b9ec93dee717788dd223feeab64acf9a73f24996d2e7d698b18607fc9a12b94d6ceafc680d9d91a1cfbf2d5fd6d0a9070d77b7f2204665b3a94f1e6245ecf7a1c671ee987fc0c67e7a26ed5e41862c5ddfa9a8344e1d8a88ca653a2efeb6e8fba6153fff8b279317ef0d65115073b38ab74d451cb58b75812231fd6282b7544fe4412ccea896e899a8f352269f60eb2383acfe60ab315c0f7ca43112bb898c051f6f07097d584e4f743f75d304b46b6b8c0e4825f987de99f24995dde490d7da0b47400a77fc8c39e5953b491a1bddf5d55fbb27e322bdc33e04fcbaf26f93b79c3030d920472b7694810195a02dc792d9ed4b43cedb72647c3005002eab924aa8ffaaecba42aa79eb3f4fb0b9e87317df11a79320a2d5bc83ad25fb139d45b843db5f8002b5cbf33812685fd9d5b994d370e8fd5333fa936ca9940f236b2c2e201912a7781dfca80497df9327c167d4d985db50e45fdb81c6eca85a3a4d0574d75e897ff98a23bfb122438f8f62a8422e0aff85febdc54e42bd05569a95717faf06eaea46b6b3e9335a1a60a922d8e79c153324cad570ee4efa53687280de0814071352d9c6ee939eaf3e89a09887b3bd9105a888635fcd190bcebc98ce4688665b8f827a2f0f1992fa90c4921342026de6fb0d31df3aaeba026678d7425a9c2f7cb2bfd7037cf81f814492f299a29b61e2a6ae386510caf4823e520365204ebc962504cb8997a51aed2903cba9fb52e015659a4fed914f7ecaa3cf3080da45a3d95c881dbb17639c31c9d833f270af042acf467dd492e6fa636e3df3ce7f28455fdd984e609c63170ffd55a0bb2debe6a4efa7228b47d455da6bbd83319620c16c63c2675dedaea4c4d65fa50ae7786621f45b67d022d546b91edda149af142d2a720c238f5e940d701cdb27439c7ff666f80b31ab695d3852bc5f4da0c39e588badb3e49153ea153b5894ee9fdebdb1bc3b6270644fb9f9d9dd3c4089932ec8fd9090d01c7a4eda7e1c1f304b59fed6ab77440eefb0324a8f5d127be662264399b5a4a41979e2a10d2905d9c265dd492edc5df03312f89c5094ff1b7f9ec10b68eb230687b5850a6a5643066fd1ad5c05bc1e8caa2289efafca0e93a284069a2120dd96dc2677e5b913beea0e75afa45e0140aadb7e566799ecbb47c6aa0ce03503ef8da94b2668fcf90e6bba60581590a2ac73c1c419941d0f2c013306d6ea9091a9eacc053213a58b24a6f7497632690083653c19715bcabfeafcebc22b54c6a1f71132c45ae7af19f8b25bdd83851527c63f1d23cb3ea18040475372bc99090e70282d536df518e6e421b4749d2334db9212c01219d6be9693e2f313b61b3a3c34ec932300db3c696d9ee8cbc138c8828f4d956abd0ce0d4b7b4a1ca0904c096befac1d9e48c64f0063554cdff3b77bd80791408c7ddf5759c86b7ca79e55d81b624dfc7b1a7dad93497a3325c53101174876654ce91d827ee124df73708eb88364d9cc3b4847f735d21d5a4f1ed962f51bdd18ae17a4b31eb0044aaa52b561ed84326d39ed7ab2bde55ea620cee86e43b549e7440a9a64efd748b081def3a956e350b66de06bd20dbd5fc86e6eb502be1977c1c83fcb774bba5803cec4f8ef11d3f7d9fb5a225a2f3dd6c9ac755230d1fcba418bebe56ec0cc7318422e362ae7626dc803bda3bf720fb753e586188b030fc6f02a94860d66915b7d4360a87f742ef006eb7dead1d3c9dca6c7ad71096a3040e6869bafa190bb64efdf8ecabd4a61eac2a772e29bcfbfa5021c070fccbc769631e123748c43da6f9f3268ae92aa211ccff1e03368a643b65757b3620bff11a7399c08a851719bd2bd1fb5ae4a0e19002b52f4caef8573a6b4ccee2802f9726fece0e44e192ef4384fce88aa23ad46a36b32ceea3510aae6522f4d407b30f0c551f70ee6bab475df4ac6d75d9aaeac309247eab00e9556c45386522ab5922195895568ed0ccb47d5a0320080b2ec1bdbdf3013c10755eca1b30e04b50cf9cf9bed3074e8ee1eaba87787afc58129ac917ca80bbb86557c6288a99b3850f2137ebf51558ea68f854014b29e9f2329bfd01a2154fd3847c605f2d079f0b0b5c7f0871ca819e97192760f5c0407907a7d6c96950"}, {0x0, 0x1, "c3dc73ee76fa"}]}}}}}, 0x12ca)

09:56:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

09:56:38 executing program 5 (fault-call:1 fault-nth:3):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:38 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040)='NLBL_CALIPSO\x00')
sendmsg$NLBL_CALIPSO_C_LIST(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x2c}}, 0x4)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x3c1, 0x3, 0x3e0, 0x200, 0xc8, 0x0, 0x200, 0x5803, 0x310, 0x2e8, 0x2e8, 0x310, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x198, 0x200, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@conntrack3={{0xc8, 'conntrack\x00'}, {{@ipv6=@private2, [], @ipv6=@rand_addr=' \x01\x00', [], @ipv4=@private, [], @ipv4=@remote}}}, @common=@unspec=@state={{0x28, 'state\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ipv6={@ipv4={[], [], @remote}, @loopback, [], [], 'macvtap0\x00', 'batadv0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x11b)

09:56:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

[  212.164987] 9pnet: Insufficient options for proto=fd
[  212.169336] FAULT_INJECTION: forcing a failure.
[  212.169336] name failslab, interval 1, probability 0, space 0, times 0
[  212.208539] CPU: 1 PID: 10374 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  212.216473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  212.225837] Call Trace:
[  212.228446]  dump_stack+0x1fc/0x2fe
[  212.232114]  should_fail.cold+0xa/0x14
[  212.236021]  ? setup_fault_attr+0x200/0x200
[  212.240364]  ? __nf_conntrack_find_get+0x1331/0x1740
[  212.245494]  __should_failslab+0x115/0x180
[  212.248245] xt_CT: You must specify a L4 protocol and not use inversions on it
[  212.249750]  should_failslab+0x5/0xf
[  212.249768]  kmem_cache_alloc+0x3f/0x370
[  212.249787]  __nf_conntrack_alloc+0xda/0x5e0
[  212.249807]  ctnetlink_create_conntrack+0xb1/0x12c0
[  212.249825]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[  212.249840]  ? hash_conntrack_raw+0x2d6/0x460
[  212.249855]  ? nf_ct_get_tuplepr+0x310/0x310
[  212.249867]  ? nf_ct_gc_expired+0x300/0x300
[  212.249883]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  212.298790]  ctnetlink_new_conntrack+0x4f3/0xde0
[  212.303707]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  212.309092]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  212.313519]  ? netlink_deliver_tap+0x8fb/0xb00
[  212.318124]  ? nfnetlink_rcv_msg+0x95a/0xf60
[  212.322569]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  212.327951]  nfnetlink_rcv_msg+0xc4f/0xf60
[  212.332226]  ? nfnetlink_net_exit_batch+0x150/0x150
[  212.337276]  ? cred_has_capability.isra.0+0x139/0x2b0
[  212.342489]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[  212.347698]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  212.352644]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  212.357595]  netlink_rcv_skb+0x160/0x440
[  212.361665]  ? nfnetlink_net_exit_batch+0x150/0x150
[  212.366697]  ? netlink_ack+0xae0/0xae0
[  212.370605]  ? ns_capable+0xde/0x100
[  212.374326]  nfnetlink_rcv+0x1b2/0x41b
[  212.378208]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[  212.382966]  netlink_unicast+0x4d5/0x690
[  212.387025]  ? netlink_sendskb+0x110/0x110
[  212.391257]  netlink_sendmsg+0x6bb/0xc40
[  212.395315]  ? nlmsg_notify+0x1a0/0x1a0
[  212.399279]  ? kernel_recvmsg+0x220/0x220
[  212.403422]  ? nlmsg_notify+0x1a0/0x1a0
[  212.407385]  sock_sendmsg+0xc3/0x120
[  212.411091]  ___sys_sendmsg+0x7bb/0x8e0
[  212.415055]  ? check_preemption_disabled+0x41/0x280
[  212.420057]  ? copy_msghdr_from_user+0x440/0x440
[  212.424801]  ? __fget+0x32f/0x510
[  212.428253]  ? lock_downgrade+0x720/0x720
[  212.432387]  ? check_preemption_disabled+0x41/0x280
[  212.437393]  ? check_preemption_disabled+0x41/0x280
[  212.442408]  ? __fget+0x356/0x510
[  212.445852]  ? do_dup2+0x450/0x450
[  212.449379]  ? lock_downgrade+0x720/0x720
[  212.453521]  ? vfs_write+0x3d7/0x540
[  212.457225]  ? __fdget+0x1d0/0x230
[  212.460756]  __x64_sys_sendmsg+0x132/0x220
[  212.465135]  ? __sys_sendmsg+0x1b0/0x1b0
[  212.469199]  ? vfs_write+0x393/0x540
[  212.472916]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  212.477660]  ? trace_hardirqs_off_caller+0x69/0x210
[  212.482681]  ? do_syscall_64+0x21/0x620
[  212.486670]  do_syscall_64+0xf9/0x620
[  212.490731]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  212.495910] RIP: 0033:0x45c1f9
[  212.499092] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  212.517998] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  212.525692] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
[  212.532948] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  212.540203] RBP: 00007fb1664fbca0 R08: 0000000000000000 R09: 0000000000000000
[  212.547458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  212.554728] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
[  212.614130] 9pnet: Insufficient options for proto=fd
09:56:38 executing program 5 (fault-call:1 fault-nth:4):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

09:56:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

[  212.710089] FAULT_INJECTION: forcing a failure.
[  212.710089] name failslab, interval 1, probability 0, space 0, times 0
[  212.731033] CPU: 0 PID: 10401 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  212.738955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  212.748318] Call Trace:
[  212.750929]  dump_stack+0x1fc/0x2fe
[  212.754579]  should_fail.cold+0xa/0x14
[  212.758488]  ? should_fail+0x142/0x7b0
[  212.762386]  ? setup_fault_attr+0x200/0x200
[  212.766710]  ? nf_ct_ext_add+0x257/0x620
[  212.770786]  __should_failslab+0x115/0x180
[  212.775037]  should_failslab+0x5/0xf
[  212.778764]  __kmalloc_track_caller+0x68/0x3c0
[  212.781462] 9pnet: Insufficient options for proto=fd
[  212.783354]  ? nf_ct_ext_add+0x299/0x620
[  212.783379]  nf_ct_ext_add+0x299/0x620
[  212.796428]  ctnetlink_create_conntrack+0x6c4/0x12c0
[  212.801565]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[  212.807295]  ? hash_conntrack_raw+0x2d6/0x460
[  212.811805]  ? nf_ct_get_tuplepr+0x310/0x310
[  212.816226]  ? nf_ct_gc_expired+0x300/0x300
[  212.820556]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  212.824992]  ctnetlink_new_conntrack+0x4f3/0xde0
[  212.829773]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  212.835150]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  212.839583]  ? nfnetlink_rcv_msg+0x95a/0xf60
[  212.844020]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  212.849400]  nfnetlink_rcv_msg+0xc4f/0xf60
[  212.853667]  ? nfnetlink_net_exit_batch+0x150/0x150
[  212.858722]  ? ___preempt_schedule+0x16/0x18
[  212.863151]  ? cred_has_capability.isra.0+0x139/0x2b0
[  212.868359]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[  212.873564]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  212.878507]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  212.883452]  netlink_rcv_skb+0x160/0x440
[  212.887516]  ? nfnetlink_net_exit_batch+0x150/0x150
[  212.892539]  ? netlink_ack+0xae0/0xae0
[  212.896438]  ? ns_capable+0xde/0x100
[  212.900152]  nfnetlink_rcv+0x1b2/0x41b
[  212.904045]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[  212.908821]  netlink_unicast+0x4d5/0x690
[  212.912892]  ? netlink_sendskb+0x110/0x110
[  212.917138]  netlink_sendmsg+0x6bb/0xc40
[  212.921209]  ? nlmsg_notify+0x1a0/0x1a0
[  212.925185]  ? kernel_recvmsg+0x220/0x220
[  212.929343]  ? nlmsg_notify+0x1a0/0x1a0
[  212.933323]  sock_sendmsg+0xc3/0x120
[  212.937049]  ___sys_sendmsg+0x7bb/0x8e0
[  212.941043]  ? copy_msghdr_from_user+0x440/0x440
[  212.945813]  ? _raw_spin_unlock_irq+0x5a/0x80
[  212.950321]  ? finish_task_switch+0x146/0x780
[  212.954830]  ? switch_mm_irqs_off+0x764/0x1340
[  212.959419]  ? __schedule+0x88f/0x2040
[  212.963308]  ? io_schedule_timeout+0x140/0x140
[  212.967895]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  212.972649]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  212.977223]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  212.981978]  ? retint_kernel+0x2d/0x2d
[  212.985861]  __x64_sys_sendmsg+0x132/0x220
[  212.990085]  ? __sys_sendmsg+0x1b0/0x1b0
[  212.994133]  ? vfs_write+0x393/0x540
[  212.997840]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  213.002581]  ? trace_hardirqs_off_caller+0x69/0x210
[  213.007587]  ? do_syscall_64+0x21/0x620
[  213.011597]  do_syscall_64+0xf9/0x620
[  213.015389]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  213.020564] RIP: 0033:0x45c1f9
[  213.023745] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  213.042632] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.050326] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
09:56:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

[  213.057587] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  213.064844] RBP: 00007fb1664fbca0 R08: 0000000000000000 R09: 0000000000000000
[  213.072147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  213.079405] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
09:56:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  213.115223] 9pnet: Insufficient options for proto=fd
[  213.150617] xt_CT: You must specify a L4 protocol and not use inversions on it
09:56:41 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = gettid()
tkill(r2, 0x1000000000016)

09:56:41 executing program 5 (fault-call:1 fault-nth:5):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:41 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x7fffffff}, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x100}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="00032cbd7080fbdbdf250900000004000f0004000b0010006e800400014b8082d100040001000400280087ab5b1175e06b6b49f981dbd294dce75baaae9121"], 0x30}}, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000480)={&(0x7f0000000280), 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x3c, 0x0, 0x40a, 0x70bd26, 0x25dfdbfe, {}, [@L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e24}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xa}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x40004)
syz_open_procfs(0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x1c, r6, 0x400, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004091}, 0x48846)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0xfffff000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4800}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc, 0x1, 'macvtap\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x3c}}, 0x0)

09:56:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

09:56:41 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2, 0x3f000000}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f00000000c0)={0x1f, 0x2, 0x80000001})

09:56:41 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
dup3(r3, r1, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

09:56:41 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:41 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:44 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:44 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:44 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, <r1=>0x0})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x7fffffff}, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x100}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="00032cbd7080fbdbdf250900000004000f0004000b0010006e800400014b8082d100040001000400280087ab5b1175e06b6b49f981dbd294dce75baaae9121"], 0x30}}, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000480)={&(0x7f0000000280), 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x3c, 0x0, 0x40a, 0x70bd26, 0x25dfdbfe, {}, [@L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e24}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xa}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e23}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8040}, 0x40004)
syz_open_procfs(0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x1c, r6, 0x400, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004091}, 0x48846)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0xfffff000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4800}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc, 0x1, 'macvtap\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x3c}}, 0x0)

09:56:44 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = gettid()
tkill(r2, 0x1000000000016)

09:56:44 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYRES32=0x0], 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x6c, &(0x7f000059aff8), 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nullb0\x00', 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r1=>0x0)
pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x6, 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x8000000000080001, 0x0)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000500)={0xd0, 0x0, 0x4, [{0x0, 0x5, 0xc, 0x4, '/dev/nullb0\x00'}, {0x5, 0x800, 0x1, 0x0, ')'}, {0x0, 0x0, 0xc, 0x3, '/dev/nullb0\x00'}, {0x1, 0x0, 0x3, 0x0, '}@)'}, {0x0, 0x6, 0x0, 0xe179}, {0x0, 0x7, 0x0, 0x2}]}, 0xd0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$AUDIT_TRIM(r6, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f6, 0x400, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4048000}, 0x40000)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SOUND_MIXER_READ_CAPS(r4, 0x80044dfc, &(0x7f0000000080))
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e20, @dev}}, 0x0, 0x0, 0x50, 0x0, "d9b7d473869ae8fd6162882d62a8e0820f2c9f99276d0ceb4b32c11d60d3d369bfed3c160538f69b60d5749c0b53e69bce385d5ac040a49de97ce8feca7202c1d63f78f123768fcbdf7002491b2715c2"}, 0xd8)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000}])

09:56:44 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:44 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:44 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x8, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:44 executing program 3:
r0 = memfd_create(&(0x7f0000000100)='\xba\xe5\x1f\x00\x00\x00\xff\xe1\x00\xff\xff\xff\xff\xff\xff\xff\xe6\xed\xff\x00\x00\x00\x00', 0x2)
write(r0, &(0x7f0000000080)="06", 0x1)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x3f5, &(0x7f0000000000)=[{}]}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$sock_int(r4, 0x1, 0x1, 0x0, &(0x7f0000000080))

09:56:44 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:44 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xe, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  218.734574] 9pnet: Could not find request transport: fd0x0000000000000003
09:56:44 executing program 3:
mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000280), 0xa}, 0xf2d8c9dfcea64443}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_open_dev$audion(&(0x7f00000002c0)='/dev/audio#\x00', 0x5, 0x101082)
clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='rpc_pipefs\x00', 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x800, 0x400000)
syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x1000008, &(0x7f0000000800)=ANY=[@ANYBLOB="6e6f61747472732c646174613d77726974656261636b2c6e6f7461696c2cc92d626c6f636b2d616c6c6f6361d84231f7156115bf21746f723d74657374342c626172726965723d6e6f6e652c646174613d6f7264657265642c636f6e762c6a71666d743d7666736f6c642c6772706a71756f74612c7365636c6162656c2c736d61636b6673666c6f6f723d6e6c3830323131002c6d6561737572652c726f6f74636f6e746578743d73797374"])
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f0000000240)=0x532e, 0x2)

09:56:44 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  218.970990] 9pnet: Could not find request transport: fd0x0000000000000003
[  219.589104] NOHZ: local_softirq_pending 08
[  220.228982] NOHZ: local_softirq_pending 08
09:56:47 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = gettid()
tkill(r2, 0x1000000000016)

09:56:47 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:47 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:47 executing program 3:
mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000280), 0xa}, 0xf2d8c9dfcea64443}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_open_dev$audion(&(0x7f00000002c0)='/dev/audio#\x00', 0x5, 0x101082)
clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='rpc_pipefs\x00', 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x800, 0x400000)
syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x1000008, &(0x7f0000000800)=ANY=[@ANYBLOB="6e6f61747472732c646174613d77726974656261636b2c6e6f7461696c2cc92d626c6f636b2d616c6c6f6361d84231f7156115bf21746f723d74657374342c626172726965723d6e6f6e652c646174613d6f7264657265642c636f6e762c6a71666d743d7666736f6c642c6772706a71756f74612c7365636c6162656c2c736d61636b6673666c6f6f723d6e6c3830323131002c6d6561737572652c726f6f74636f6e746578743d73797374"])
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f0000000240)=0x532e, 0x2)

09:56:47 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYRES32=0x0], 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x6c, &(0x7f000059aff8), 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380)='/dev/nullb0\x00', 0x4000000044882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r1=>0x0)
pkey_mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x6, 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x8000000000080001, 0x0)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000500)={0xd0, 0x0, 0x4, [{0x0, 0x5, 0xc, 0x4, '/dev/nullb0\x00'}, {0x5, 0x800, 0x1, 0x0, ')'}, {0x0, 0x0, 0xc, 0x3, '/dev/nullb0\x00'}, {0x1, 0x0, 0x3, 0x0, '}@)'}, {0x0, 0x6, 0x0, 0xe179}, {0x0, 0x7, 0x0, 0x2}]}, 0xd0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$AUDIT_TRIM(r6, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x3f6, 0x400, 0x70bd2b, 0x25dfdbfc, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4048000}, 0x40000)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SOUND_MIXER_READ_CAPS(r4, 0x80044dfc, &(0x7f0000000080))
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000240)={@in={{0x2, 0x4e20, @dev}}, 0x0, 0x0, 0x50, 0x0, "d9b7d473869ae8fd6162882d62a8e0820f2c9f99276d0ceb4b32c11d60d3d369bfed3c160538f69b60d5749c0b53e69bce385d5ac040a49de97ce8feca7202c1d63f78f123768fcbdf7002491b2715c2"}, 0xd8)
io_submit(r1, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x0, 0x0, r0, &(0x7f0000000000)="98", 0x3e80000000}])

09:56:47 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:47 executing program 3:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000140)={&(0x7f0000000080)=""/105, 0x10000, 0x1800, 0x0, 0x2}, 0x20)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000040)={0x5, 0x100, 0x56adb918, 0x2b}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/udp\x00')
preadv(r4, &(0x7f00000017c0), 0x1ab, 0x0)

[  221.377605] 9pnet: Could not find request transport: fd0x0000000000000003
09:56:47 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x60, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  221.464479] *** Guest State ***
09:56:47 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  221.485116] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  221.565720] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:56:47 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xdd, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  221.617001] 9pnet: Insufficient options for proto=fd
[  221.632889] CR3 = 0x0000000000000000
[  221.667077] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:56:47 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  221.713815] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:56:47 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  221.754981] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  221.815135] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  221.840612] 9pnet: Insufficient options for proto=fd
[  221.891818] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  221.932816] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  221.975275] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  221.998829] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  222.012210] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  222.029153] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  222.040486] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  222.049308] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  222.057369] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  222.065350] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  222.072338] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  222.084133] Interruptibility = 00000000  ActivityState = 00000000
[  222.091710] *** Host State ***
[  222.095062] RIP = 0xffffffff811affaf  RSP = 0xffff88808ba378c0
[  222.102358] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  222.109343] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  222.117745] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  222.123639] CR0=0000000080050033 CR3=000000009603a000 CR4=00000000001426e0
[  222.131717] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  222.138905] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  222.144983] *** Control State ***
[  222.151056] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  222.160350] EntryControls=0000d1ff ExitControls=002fefff
[  222.165872] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  222.173623] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  222.180830] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  222.187514]         reason=80000021 qualification=0000000000000000
[  222.193846] IDTVectoring: info=00000000 errcode=00000000
[  222.199634] TSC Offset = 0xffffff877ee0fadd
[  222.203973] TPR Threshold = 0x00
[  222.207400] EPT pointer = 0x000000008ac6501e
[  222.211812] Virtual processor ID = 0x0001
09:56:50 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:50 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000800)={0x5d, &(0x7f0000000780)="f7b48947299c12d25e3b2d198e5250161669a443e0c811f5abd19ed18cd0996dfa7d05204bb0c84293863a967785c0f427eccd5eec9ea30063f56f4cc7d49534f21a9b9d27ba7c8aa899089621939dee0b8161e28457ab9f732ff0502b"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f00000000c0)='bridge0\x00')
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000001dee0b8267dc088c07d2d5a4a555d5b2d368f2ef0bedb13d9d210cb0831898574a58778a040730702e1b", @ANYRES16=r3, @ANYBLOB="3f022cbd70000000000001000000000000000c410000000c001473797a3000000000"], 0xfffffffffffffff1}, 0x1, 0xfffffff0, 0x0, 0x20008801}, 0x0)
r4 = open(0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r5, &(0x7f0000001300)={0x0, 0x9effffff, &(0x7f0000000180)={&(0x7f0000000640)={0x14, r6, 0x309, 0x0, 0x0, {0x2e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x158, r6, 0x4, 0x70bd2d, 0x25dfdbfe, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x4}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x68}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0x81}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x97fd}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xeb2b}, {0x6, 0x11, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7fffffff}, {0x6, 0x11, 0x7fff}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}, {0x6}}]}, 0x158}, 0x1, 0x0, 0x0, 0x4810}, 0x200c4800)
r7 = syz_open_dev$vcsu(&(0x7f0000000540)='/dev/vcsu#\x00', 0x80, 0x8000)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r7, &(0x7f0000000600)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)={0xcc, r6, 0xf40, 0x70bd27, 0x25dfdbfb, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x200}, {0x8, 0x13, 0x7}, {0x5, 0x14, 0x1}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x100}, {0x6, 0x11, 0x1ff}, {0x8, 0x13, 0x8c0}, {0x5, 0x14, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x1}, {0x8, 0x13, 0xfffff1d7}, {0x5, 0x14, 0x1}}]}, 0xcc}}, 0x881)
getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000000)={'NETMAP\x00'}, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000480)='\x00', &(0x7f00000004c0)='trusted.overlay.origin\x00', &(0x7f0000000500)='y\x00', 0x2, 0x3)
recvfrom$inet6(r4, &(0x7f00000000c0)=""/242, 0xf2, 0x40000000, &(0x7f0000000040)={0xa, 0x0, 0x5, @private1}, 0x1c)

09:56:50 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:50 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:50 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r3}]]}}}]}, 0x38}}, 0x0)

09:56:50 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
socket(0xb, 0x2, 0x0)
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  224.448609] 9pnet: Insufficient options for proto=fd
09:56:50 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
ioctl$DRM_IOCTL_MODE_SETGAMMA(0xffffffffffffffff, 0xc02064a5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=[0xf, 0x0, 0x80], &(0x7f0000000280)})
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000040)={0x1, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr=0x64010102}, 0x800}}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000040)={0x1, 0x10, 0xfa00, {0x0}}, 0x18)
r1 = gettid()
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x734, 0x0, 0xffffffffffffff39)

09:56:50 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xe00, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:50 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  224.514846] *** Guest State ***
[  224.524058] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:56:50 executing program 3:
socket$packet(0x11, 0xa, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r2=>0x0}, &(0x7f00000000c0)=0xc)
setresgid(0x0, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000001800)={0x2, 0x0, @ioapic={0x5000, 0x4, 0xff, 0x2, 0x0, [{0x80, 0xff, 0xf8, [], 0x9}, {0x6d, 0x80, 0x81, [], 0x6}, {0x0, 0x2, 0x80, [], 0xff}, {0x4, 0xff, 0x10, [], 0x3a}, {0x40, 0x9e, 0x9, [], 0x4}, {0x3, 0x1, 0x5, [], 0xa5}, {0x4, 0x4, 0x80, [], 0x5}, {0x0, 0xff, 0xff, [], 0x10}, {0x2, 0x1f, 0x9, [], 0x5}, {0x80, 0xa3, 0x8e, [], 0x2f}, {0x9, 0x8, 0x3, [], 0x8}, {0x3, 0x7, 0x4, [], 0x4}, {0xa8, 0x4, 0x1}, {0x0, 0x2, 0xf8, [], 0x5}, {0x1, 0x97, 0x5, [], 0x8}, {0x6, 0x1, 0x8f, [], 0x5}, {0xc4, 0x93, 0x81, [], 0x20}, {0x1, 0x4, 0x80, [], 0x2}, {0x1, 0x3, 0xd9, [], 0x3}, {0x2, 0x3f, 0xc, [], 0x3f}, {0x7, 0x6, 0xff, [], 0xfc}, {0x7f, 0x63, 0x3, [], 0x81}, {0x8, 0x8, 0x4, [], 0x5}, {0x0, 0x8, 0x5, [], 0x2}]}})
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r4)
syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x7fffffff, 0x8, &(0x7f0000001580)=[{&(0x7f0000000140)="39e498a8aa4c77b9237bea3721fd7293551932f11810b1c6a757662c816bb6b9cd7161c7cff9391669a0f8ef11339f21259a0e236b16895f80441ea9878c7e02c960e2fc3193427e71c0e85f051651f47e542fdbb996fef70732d30a36e3b878340fdfc727af040997909c2b739ff9b3da8d8ec78f47d3", 0x77, 0x8001}, {&(0x7f00000001c0)="131784bffad8508a27b1d15b9fe554e1a645da6fc90b759a2a537169b1d78adde90877872a7cc6bad7a259aa807525", 0x2f, 0x1ff}, {&(0x7f0000000200)="ce08ae427d717d4efd3cfe37af0a026b5a0b21fac6c1798886ca661084d8b44e4723eeed2d629a9a8e6424628e37aa5e70387f289c6b21bc6e564e376073c0481903d1c1afbe9e8a", 0x48, 0xfe8}, {&(0x7f0000000280)="8cc9a6230ea64121753fc686720660de57680355d717a8c450d36702f3030523cd3850adeecbd952adf1cf8220a1b23825a782597d0451f1c9aa0ca908ce4f26331f0b17f75f964a8543853887fd90553eeb330ff0ef10f92ea82097", 0x5c, 0x41a}, {&(0x7f0000000300)="7b481c3f5b82dc0c528154b687364ae2694696d34cb8763cde995b3d77f6437c47f5bb25b46907900b1df273add57e9b1b5408ef87756c331d9ddf9db6c35e0ddb80532741d4aa88e97fca99fe77eb3ec338f5a7931921b9cbf244ae69a3d0ae7298e2d75ce5ebc884db9ccde467ac257d66ea44d3bd41ee97b53a6089b40f5f15b3adf7d8216817e9703662cbc6c3d8e51c5c9c25b97e4e8a918e86ef8f124ec06b8b1dc3e777cb4f66cbcd83ce5dc374eb050cb33a4d700d79a498a8419ee3afa293f9e05cdf9794ceb505b3288102c1672f4eca28", 0xd6, 0x5}, {&(0x7f0000000400)="4aa87bbee82eb95ac1caaf270eb25411ce8f31432ef32f8ffcf2ab797a8d60e9a5a2460942ea47b8d25eab25446157f6dc82ee47dc0fec38949846ac4a7065e927576f7c786a01ead518f780fc43e2caf6f90ddd29f2ecb9f7e87851f37df78affcafdf04b2fc286866c7465f0a815806f3b931cbb477ad645de411986ab3d38f82ac6cc510085ee6779ed0b4f1da16d41d2e4c6f758ddafad6f137a56373cb33848536b57d6b35049576b41091eec371492f8688d3ad8749fdc3fb9421ab6d7f17ab5a0fb3f5b9f1b014d5639d40bf86cde108bbfa33a27c652d1d77061928ffc56e38ddafb89e568899593fb66d1fb42db2d47d40522318bbb4fcf14f75171d5e5f059109f90c28a71e97ebd59d7c2b3d4fa761daa81112701b30bb4d758781f75d053b96eb9b501035289d0e290b5c1bd4b0b59155249acd664cff27db105e5a85b40f5cedf6f59364b7ed2f2f2be672ca860462276abf2a3681eb41b4ef9c1558f58626d772541f578ce90dfb0067aefdaf71ef350598a554ba93b7ccedea045b6dc39faa2fcb35130c36d3c327482da940c62244c3d65a35787668c9498b1be19d9811d0d46b73d7b316ccae51232d463a774475e29bd7c750820a6d5af96216e79bbb47cad1e27c5bf84dc192ec3303ded96a3d374c1d5cd3f9be83daec91a51a86d97ff1f138ed7ad743e46f93c22d44a781fcf462656204ace5cf0860ba1f0e0f5cbdd4499a2a4bf0676c31834adcb0cb6acc54940d8fb7a0c444867d5019566013b6d6888f3501ad7815a27d5e3e9bc58c622f3027210cb2e698ad254a46dee9e53f6ae29436b3284f830da86e76ac3704399073ed423e3a6d6073d67e2ea918e007d3876a1cb76d0092d1d88f298be4b91fd7417ec6ef25cf0c955a9c0f81de266ac23b7357a900b9373ab618e8c93eb25333795f9fd7b33d3265accf1570c77640e22565d2454ca48578a91be9c43cc6ed6052e2f8f6fae6354e5dc30c4afd736cde49631e266b1362744ea293d29c0358ac18b60414c6ac115115889fc8fee1b923bedaee01c5c3c557f81ade148014a47ac8e27082ee5b0f17f418f8d2c202c6f199d91972a69ba940419040a7d1acd3f7c20d95ce7dabd4eb492e94ec74b114ce04a8d2f344f173db546e68d55093b6333bb59cac17b6a10577db970c3b8e1ab8a7d98050b320064cdad81eb41f3c184816a78127f29d56905bf77417a62000523782752e03d7d99ba126158083c1011a43929ad7f4d28814c925945522c0447ff776a763fd4eda68a13f5cb523334b058f91b046d0dbd985854bccf8161cb948d6ee178d06e26918e8675529d2fed1000c5be7bd86f194218e02017feb1439417faa6fe1f4f5e6acfd4b727e3a2288f5839e1db1de28014c78aa105762463323e13bc23af899d3698eced965fb43a59f8de453647a9f1d4073e9a8762650e91feea0a5874f8cac32453a53701747e552d96129ab7d13f692a26877dc532977b5ea4e698e0c4f3eb12e5d0d7e46a1f850eb518ccca1c8dc606d0978ffaec095b76c293073effc1634c795203e9e38827d2e09ee2d36823866f6f9e62e00dd0051e240f3818f6ecee9eb38b83f726274a46fc74a25f2585e56fbca7c75944a978999789438401a84f572f7c169d184ff84a718835a5a85fbffb2e80e36aa629e3d99b654e89653e971f40be7f3fc5fad2d36191c51ea67564f9707107e19ead2586a291344be19c37ca0b79de6290aeb8ab0468995a1018b41490cdd40a494e4b478eb471e7b0552c75561634f19c589bc83711375782b0f8028944fa0dc3c25caf5503990190007b65c6dade53d13c14c02e7a7907d84db09f5418540e384263eb5e78784cedf883535463b13efabd5806bfe63203a2d905449be160c500fd5a73bd96352907720c47b4b1e0904533b6e99ecac1edeff140a5dc077f231552a2c56477c84c8dfc279f73791c7dae4d4d25f781f713d544a180880252cf09730794d42ba8f277623b2b554afdd195a7dd34f3624bbfee1200cd10a040ce7ec4d976e2769468a50c2c6d7d1ac2d62c2aab4e52aee4775ece4457968138e240cb1e4bfbb472029c4030765ac87a43f1af525eb04f11827463e9ca2450cb0b67d7ad2f157ba76e47b6a2c7095b20073efaa6456392217fa449ad8032269896bd31e50aaaafe1a57e143e7f77dce22afbd4c3226dd0dc081ad2185c86ddd98f9765540e672c9ac865431c85577bfcf636c89a9dcd3a965bcc02c00df55adad6a22dfb6cc3e295bba0d871f1313241140059f539b8f3ddde1adc794be23b14469fd731a1f3f73fb9b8b215944a1309f3a26a8038d8fe2f9a8bf7264e27f03e4e142aabf20b9062bb06c05686515fe6bdee8e81bdada1f6c57f3d680bc2e445eadaf01e9fc7fba14a80525f7a2014892357a696b914c54afc8b2b7c9c0bdffbd0a73149d05d8bc6db644d6df8e21a795f098a121abf9e14978881afed1e2222beec6a49eae8f4d4122ac4bb19463aeee45a60211eb74b2050cd06b2d047ecc6c63122d342aab11c86bd3b69ee3eb2655e918f04479b6fce881be20daef07ebe80d7215b66b4a11cbea5529d23d56540693d4f1059770087aae01957ac522b864545820f28513e2147b0f9781724294c772e3df5327dfa3a176b98dafb362c4005d65d094a3c51f46dde96414025c18fe582b397601b6dfe1807685269ad9f2241350556deb1514b1d920f4b7bb1d82f390b6d306ad83d9304940b05f268b125e6ba48023e53e2cafe378c851dbda3758a1e90dabd6a89e8903bc1f73b819f379e76f96cfa31dd11d7f8b3cbf015285ca91df5564151549e9c2006cdf5fa35e982d2101fe64668908bf9c3ac04371bf3b766c99f3d4c34b3c3242b91ccba86086ca834d604954bb4c65cfa742fea0ac3f2f1dc7025f08f297b550293ff6f7794a52aafdbfffb0d726ac84b5867776bc1b03029800bb5c52490218f1cc174a171a741eb7f26d41f6ece6183e061087333c440ecc772bb73bdc5905e79ab3dbdbf09a813479fe25f9fb82baa1752d818563cd99a80761a185a0f40f7f2c81dff50274ad6c2ff8cb535635b23eda9e5a9965909cfa2231947ac1820521d40d68caed16607d9f34d6df934dd06fd3625aac52640af82ba3230c0e4dab1d76858d1e915625031ceb4a943a0435156424f8b92da09f63244f960779dcf1f01f2e0537670d3c9e761d1b310a45d778d1f54e1f3d81154cecc883d2d0fc962cf6fe97c06cea785696738ed7e341583a5b1e043aa60133eeeebc9df483ff2d9967f0ee6da6b243aacceb0b76a8dc8c2fa7619e9d79e303cca9a9e0fa5faeb7739768a9a2aae1a791368ff8ad74e54dda962fc6285cc0863093772f56f3cd51353284dcf3964e7132f7124d7fa7b01fa4db85da31c5199ac5be30fb0e7bb9b385808d096982d5d3400351837d70062dd1bc72d5d688e775b3039ff1360167db3d040d46befdbdb19f8f4623a8e5d11986a42692203dd0e5c3956ee888465cdb801336365af9c8449f9be0c269e9f7a1cf1fd29e8b76bc8f9b04c3bb2c24a0895ba03e172ccc7df60d5e395447e09ad1a9ab3cb0f8d82dd0433bf9f65b8a5b06269f6d17ac7ad20139321ae523b659b4e7f8c135f07245e8242d3f0207ebaf60dbf265018e221597f391fc8dbb740f2bdc9aca76a8ff8617a7bfe234f538a9496b8f4ac036baaaf4f2311032e9b9fbe987c71927d529077bab6609db34dfc79e6a963e905cf2d00df679e8326bccc3749423e3311c12b4058391f004d524f7d95f9bc30f248460174ac56f0811baf06f3a0d0749246c857dd40b6fa3cc7f88f7e9f90689e05aa79f68205596ee2c1995e14d8b307302fc8a38cb36720001fbc8b43a700292cabf056fc1cb58e41b00fe50ada4cb9a1883704c014d76636de976ce40ffc7a0f01428bf83c0270161e6df63ea0ac78ccd6978184ee2a425c9e5ccb5a714079e0f489b7f8812d999995abae998fa097a0085da3cec5516f37161672b7d85efc7469749050f67d33c1c10c4c500fb2e3f2ec178bc432803f788660f4b0aa001edb63c148dc4db133f4b00121b50dd59fdb7dfe7d1bab4f303d64018d0866ed984bfa16e021ee4d1be863801f9789a69465e36ceeca317dcb66aea5cec951240e7de566ec27ead66bdb1a12780b13a607907982cc0f4a66967c0726406a2a6a9e4061426a464041d28b1cd639e19cf2ee6a0d0e832ef4fbc9abb8d5ed8662a7ed6b1742f715b08b619b02190943a14a1c7bc5584c390bcd9c49dce868eedb70e4e6ffbd3839d94cae6798bcb334126c6409865d72c5f850628793d13e36130b9b53a7ef9075e629b99f6d36c60dc4934456ef50c30de70ab2ff674dade2fcf44f3425525761daecef0fb132086fe1c015683d6324dd8ba93f7eca56c74f32817eaad14ced6e5977fe4926a0faa77bba8da0b968f5087cb369d8a4126b1887879d4dfc91919ecafd8a96d9b3811a1bc5f5bdaa7c58b3110fccd6de714046e8a289b5be62a50e920c350c596c6e7a71bcb406de60e1ea4a3929f66fb0cb6db81712b140c8a6dd127801353a9fa3b1fca8bc2fb81bf8cae3f38fcf05027f9ccba1c21b6bed7522b21bb795e202182cba746918ac707c1616fdddb1199813c6749493627c3a04a22a8de84c50d08938626db6ad3edcfdef341513a7f7175c439db1720f837ddf781e67332320f1e616ea1b3cca1c4b7c44dd062ad85bf87a6e0eeec0ef47454ddfc3754b620e4c58872eb596d86b29126c394123cea61e17176b5bd017aac85c61dffcbf5decc09567fbaa4d554253d0db999bd39ca5f1fb6ce8f59a812a70617735154dff8453acfab81e28a6ab9f5f57f03a34a0ac4c6a5a7918395f313acc4e3145d18de22ac24ff8cb9475cd4a27d88ed285bb6c4d1c187a8f9818c7273d2f9c7e2ddaf89166d84357f38fb0bde4512c43b66637c8a8099f95f4b645983ce718ffdbf34f249a09435f06a5875ab7a7a07e81653bb1cb6951c8f14f7e999766ed81d8f8c491a3276c7b250ce5484a4f09c009ef73903ab3a200ae18efa8223d3006a1307d30f8f8368b1c801d06acd473e713ebf90d7849bed787540d13602ccf3ea22cf2643c1cb82a698648937f59ad60be284b773a33f7129c9695a463ecb8e7a8bb8a5a532984d06556741d8d55b24183532f2af7a97396fef545d2c9b605523b41d26cffbfff2c4c8ad2ed7e4881e714b44d3135a8ef08524df802013a43df49e6d3b5bc4b1b8f8076c3561757f870c49ce4a979f4d1767666c1bab9804f8c1bab5c67f598d208305181bc2fb9e20657d2ed63a9ed5fe0a5ef20425baf4fb7d99019b8e2c4cf95529e329d4c4ef7e4d5ba64906a83abcc14c5082d6849b3d58bdbd1a92b3c2506cecfb06083e2a0177848a98fff5b3e7e2d65d58b265dc70bf5438f1641375b5f306633e8730631c0d6a733fdccc399f9a7876d93285eef2a7df6ed113932bd27f033c4892a762aadefbcc4052ab1b14b8de5c04d36a9e696ac0ff8d4af9ca1aec0da7293939801cc8f9fd2e69df0dbf7e0e8d35495acbde565a3451640e1c4af611a41c117a6bd2f2b963a4dda0dadc01c93d01fcd42becd4a2301a5b8635e86e0be770b6e3a7c66aeef05eacd28a7eba62b3f1fb8f753b7ceb05c7911759f1fccb9ba9295521c2228c09c57d3dd8e6d8a5ac2e23365cf3006dc26995e610b8887508f80994be9845886dc83135cdc08f484d9feec7e94c972b8e427df624f4041e1102f05f61b3890f728eec2a6cc", 0x1000, 0xff}, {&(0x7f0000001400)="f170d90f6742b3310edd22b9dd53a17e712c0b3820e1cc4f1575ff70cf8c050db326cbce060f22a09e2ee1243ac9dd7190b8a7b97a8afbaf776ecc5bf017f802a6b44e682c972cd658732e0b9c3f6af085209f3287529d4fc6af8395d0c49fa3fc0cd0cbded47cf777feef80280894d0d05eb1be5fffb94b036e2ea1ede6e5605b1dfa776a93371646642750797ba27df5959a3bd9b076fb1c7662dbf7262225223849581452f90c411b48cd756a38d60bfeda5423840c9e14118c84489aa55764fb2d9c16d30adaf85c48402bb5", 0xce, 0x472}, {&(0x7f0000001500)="d5805291bbdc2b326b2c3c98cf2eeb5d7fb7daf156e4ee586556625e1cb1d9c5a7039bc9b0548237e3ed5f1e8795aefc0fa05226a67326b8a1dfd482fdc72258212f1f7e682d0a7a0e8ae5eefcef761fee47134cbec771dbc718b63651b2", 0x5e, 0x20}], 0x40020, &(0x7f0000001640)=ANY=[@ANYBLOB='shortname=lower,shortname=win95,gid=', @ANYRESHEX=r2, @ANYBLOB=',nonumtail=0,uni_xlate=1,shortname=win95,utf8=0,subj_user=,smackfsdef=,measure,uid>', @ANYRESDEC=r4, @ANYBLOB="dbe2"])
r5 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$TCGETX(r5, 0x5432, &(0x7f0000000000))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$pppoe(0x18, 0x1, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r5, &(0x7f00000017c0)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001780)={&(0x7f0000001a40)={0x48, 0x140c, 0x102, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x1}]}, 0x48}}, 0x10)
connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x100, @dev, 'geneve0\x00'}}, 0x1e)
sendmmsg(r6, &(0x7f000000d180), 0x4000000000000eb, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

[  224.566567] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  224.589192] CR3 = 0x0000000000000000
[  224.595484] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:56:50 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf00, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  224.619777] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  224.634634] 9pnet: Insufficient options for proto=fd
[  224.665045] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
09:56:50 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x2000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  224.706375] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  224.743503] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  224.781470] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  224.814451] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  224.843247] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  224.857105] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  224.870291] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  224.893792] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  224.918516] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  224.932419] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  224.958292] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  224.965475] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  224.979033] Interruptibility = 00000000  ActivityState = 00000000
[  224.986893] *** Host State ***
[  224.990236] RIP = 0xffffffff811affaf  RSP = 0xffff88804d1bf8c0
[  224.997327] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  225.003830] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  225.013536] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  225.020048] CR0=0000000080050033 CR3=0000000097afd000 CR4=00000000001426f0
[  225.028095] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  225.034773] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  225.041860] *** Control State ***
[  225.045428] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  225.053060] EntryControls=0000d1ff ExitControls=002fefff
[  225.059704] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  225.067341] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  225.074014] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  225.081449]         reason=80000021 qualification=0000000000000000
[  225.088318] IDTVectoring: info=00000000 errcode=00000000
[  225.093787] TSC Offset = 0xffffff85db172653
[  225.099169] TPR Threshold = 0x00
[  225.102547] EPT pointer = 0x00000000964c101e
[  225.108323] Virtual processor ID = 0x0001
09:56:53 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:53 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:53 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x3f00, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:53 executing program 3:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f00000000c0)={0x6, 0x1, {0x0, 0x2, 0x200, 0x2}, 0x8})
socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)

09:56:53 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:56:53 executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="b40000000000000061111000000000008510000002200000850000002a00000095e50400000000009500a505000040003023bfb5ddb5f0fbb1869385b03f92ac417c1c21b2d13aa0ee7059c45e8b86486dee71f18aa39c7aaeaafc930569ddbc0697afdee914ee3abd3ebff58ac3c355e83557264da4344708e6ba2ccec69bf51cc3c31f3d003853fcffbae2f254e8487f9673b4410bb608270a16cdf8de96a0965d25a7962e4cdd1bc6c633e82e60743a7d1d7e7655edb5493a6d135781da4b09c6681ceca6ec0a08cdfcd5052bf7be9f1aff5122d701871be16491162c3f40b9c639aec35f03230f1d4f11e65119110de39a835def9b6b76f70a29599f6fdc3889f0f41cec00dd152d4d3ce0b013410976112095"], &(0x7f0000000080)='GPL\x00', 0x0, 0xf8, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x3, 0x10, 0x0}, 0x15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KDSETLED(r3, 0x4b32, 0x200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
connect$bt_sco(r7, &(0x7f0000000000)={0x1f, @none}, 0x8)
llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=""/87, 0x57)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0x1)

[  227.447133] 9pnet: Insufficient options for proto=fd
09:56:53 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x6000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:53 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:53 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_setup(0xb, &(0x7f0000000040))
ioctl$KVM_GET_EMULATED_CPUID(0xffffffffffffffff, 0xc008ae09, 0x0)
syz_read_part_table(0x0, 0x2, &(0x7f0000000440)=[{0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x52450000}])
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvfrom$inet6(0xffffffffffffffff, &(0x7f00000001c0)=""/192, 0xc0, 0x40, &(0x7f0000000280)={0xa, 0x4e22, 0xffffff7c, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}, 0x1c)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SIOCRSACCEPT(r3, 0x89e3)
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, 0x4)
r4 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setsockopt$RXRPC_SECURITY_KEY(r4, 0x110, 0x1, &(0x7f00000000c0)='\x00', 0x1)
r5 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000000)={0x41}, 0x10)

09:56:53 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xdd00, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  227.583165] *** Guest State ***
[  227.588970] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  227.615491] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  227.639988] CR3 = 0x0000000000000000
[  227.644418] 9pnet: Insufficient options for proto=fd
[  227.648240] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  227.671598] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:56:53 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  227.692228] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  227.712634] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  227.730390] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:56:53 executing program 1 (fault-call:4 fault-nth:0):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  227.741169] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  227.758472] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  227.776679] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  227.798876] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  227.822300] FAULT_INJECTION: forcing a failure.
[  227.822300] name failslab, interval 1, probability 0, space 0, times 0
[  227.835065] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  227.846440] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  227.854719] CPU: 0 PID: 10745 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  227.862616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  227.871979] Call Trace:
[  227.874587]  dump_stack+0x1fc/0x2fe
[  227.878238]  should_fail.cold+0xa/0x14
[  227.882154]  ? setup_fault_attr+0x200/0x200
[  227.886498]  ? lock_acquire+0x170/0x3c0
[  227.890466]  __should_failslab+0x115/0x180
[  227.894688]  should_failslab+0x5/0xf
[  227.898387]  __kmalloc_track_caller+0x2a6/0x3c0
[  227.903041]  ? strndup_user+0x70/0x120
[  227.907005]  memdup_user+0x22/0xb0
[  227.910551]  strndup_user+0x70/0x120
[  227.914338]  ksys_mount+0x34/0x130
[  227.917864]  __x64_sys_mount+0xba/0x150
[  227.921825]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  227.926410]  do_syscall_64+0xf9/0x620
[  227.930248]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  227.935435] RIP: 0033:0x45c1f9
[  227.938637] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  227.959087] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  227.966789] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  227.974053] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  227.981309] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  227.988563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.995842] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  228.016940] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  228.026105] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  228.034278] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  228.043394] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  228.051886] Interruptibility = 00000000  ActivityState = 00000000
[  228.059678] *** Host State ***
[  228.063051] RIP = 0xffffffff811affaf  RSP = 0xffff88804835f8c0
[  228.071062] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  228.078763] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  228.088094] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  228.094403] CR0=0000000080050033 CR3=00000000a4dcd000 CR4=00000000001426e0
[  228.104762] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  228.114097] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  228.124384] *** Control State ***
[  228.128633] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  228.136072] EntryControls=0000d1ff ExitControls=002fefff
[  228.141642] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  228.150471] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  228.157849] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  228.164541]         reason=80000021 qualification=0000000000000000
[  228.172059] IDTVectoring: info=00000000 errcode=00000000
[  228.178222] TSC Offset = 0xffffff8437a39e6d
[  228.182650] TPR Threshold = 0x00
[  228.187092] EPT pointer = 0x00000000a46d401e
[  228.191616] Virtual processor ID = 0x0001
09:56:56 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:56:56 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf0ffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:56 executing program 0:
r0 = socket(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000900b8000699030000000500150005008178a8001600400001000200000094060434026efb8000a007a290457f0189b316277ce06bbace6617cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf639cb9dbcdcc6b4c1f215ce3bb9ad809d5e1cace81ed0be0b42affcbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000", 0xd8}], 0x1}, 0x0)

09:56:56 executing program 1 (fault-call:4 fault-nth:1):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:56 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:56:56 executing program 3:
perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f00000000c0)={0x6, 0x1, {0x0, 0x2, 0x200, 0x2}, 0x8})
socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$VHOST_SET_LOG_BASE(0xffffffffffffffff, 0x4008af04, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x0)

09:56:56 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x1000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  230.506490] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.0'.
[  230.516228] FAULT_INJECTION: forcing a failure.
[  230.516228] name failslab, interval 1, probability 0, space 0, times 0
[  230.543146] CPU: 0 PID: 10774 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  230.551067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  230.560430] Call Trace:
[  230.563036]  dump_stack+0x1fc/0x2fe
[  230.566688]  should_fail.cold+0xa/0x14
[  230.570599]  ? setup_fault_attr+0x200/0x200
[  230.574943]  ? lock_acquire+0x170/0x3c0
[  230.578941]  __should_failslab+0x115/0x180
[  230.583194]  should_failslab+0x5/0xf
[  230.586924]  kmem_cache_alloc_trace+0x284/0x380
[  230.591607]  ? _copy_from_user+0xd2/0x130
[  230.595772]  copy_mount_options+0x59/0x380
[  230.600038]  ksys_mount+0x9b/0x130
[  230.603597]  __x64_sys_mount+0xba/0x150
[  230.607590]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  230.612188]  do_syscall_64+0xf9/0x620
[  230.616012]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  230.621214] RIP: 0033:0x45c1f9
[  230.624417] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  230.643335] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
09:56:56 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffff7fffffffffff, 0xffffffffffffffff, 0x0)
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40)
r1 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r2 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="04630441"], 0x0, 0x0, 0x0})
r3 = dup2(r2, r1)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000540)={0xc, 0x0, &(0x7f0000000300)=[@free_buffer], 0x0, 0x2, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)

[  230.651059] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  230.655562] audit: type=1400 audit(1595584616.459:23): avc:  denied  { create } for  pid=10789 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1
[  230.658332] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  230.658342] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  230.658351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
09:56:56 executing program 1 (fault-call:4 fault-nth:2):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  230.658359] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  230.729951] *** Guest State ***
[  230.745054] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  230.754050] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  230.770378] CR3 = 0x0000000000000000
09:56:56 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x2000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  230.774899] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  230.781408] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  230.799276] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  230.828736] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  230.847240] FAULT_INJECTION: forcing a failure.
[  230.847240] name failslab, interval 1, probability 0, space 0, times 0
[  230.851285] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  230.873427] CPU: 1 PID: 10804 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  230.881344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  230.890704] Call Trace:
[  230.893310]  dump_stack+0x1fc/0x2fe
[  230.896958]  should_fail.cold+0xa/0x14
[  230.900382] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  230.900856]  ? setup_fault_attr+0x200/0x200
[  230.900874]  ? lock_acquire+0x170/0x3c0
[  230.917117]  __should_failslab+0x115/0x180
[  230.921369]  should_failslab+0x5/0xf
[  230.925100]  kmem_cache_alloc+0x277/0x370
[  230.928557] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  230.929259]  getname_flags+0xce/0x590
[  230.929279]  user_path_at_empty+0x2a/0x50
[  230.929295]  do_mount+0x147/0x2f10
[  230.948719]  ? setup_fault_attr+0x200/0x200
[  230.953055]  ? lock_acquire+0x170/0x3c0
[  230.957050]  ? check_preemption_disabled+0x41/0x280
[  230.961075] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  230.962078]  ? copy_mount_string+0x40/0x40
[  230.962093]  ? copy_mount_options+0x59/0x380
[  230.962113]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  230.983808]  ? kmem_cache_alloc_trace+0x323/0x380
[  230.988584] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  230.988662]  ? copy_mount_options+0x26f/0x380
[  231.001108]  ksys_mount+0xcf/0x130
[  231.001585] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  231.004653]  __x64_sys_mount+0xba/0x150
[  231.004672]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  231.004685]  do_syscall_64+0xf9/0x620
[  231.004705]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  231.004716] RIP: 0033:0x45c1f9
[  231.004729] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  231.004737] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  231.004758] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  231.021073] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
09:56:56 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x3000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:57 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  231.021236] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  231.026069] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  231.030213] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  231.030222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  231.030229] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  231.172209] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  231.181881] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  231.208329] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  231.216873] Interruptibility = 00000000  ActivityState = 00000000
[  231.223223] *** Host State ***
[  231.227628] RIP = 0xffffffff811affaf  RSP = 0xffff888047f9f8c0
[  231.233740] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  231.241168] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  231.249661] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  231.256876] CR0=0000000080050033 CR3=0000000091f05000 CR4=00000000001426f0
[  231.263914] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  231.271776] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  231.278403] *** Control State ***
[  231.281875] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  231.290291] EntryControls=0000d1ff ExitControls=002fefff
[  231.296300] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  231.303220] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  231.310980] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  231.318239]         reason=80000021 qualification=0000000000000000
[  231.325333] IDTVectoring: info=00000000 errcode=00000000
[  231.330819] TSC Offset = 0xffffff8286552f49
[  231.336294] TPR Threshold = 0x00
[  231.339760] EPT pointer = 0x00000000a407701e
[  231.345975] Virtual processor ID = 0x0001
09:56:59 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:56:59 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x4000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:59 executing program 1 (fault-call:4 fault-nth:3):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:59 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:56:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:56:59 executing program 3:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x101600, 0x0)
ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040)={0x6})
r1 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r4, &(0x7f0000001300)={0x0, 0x9effffff, &(0x7f0000000180)={&(0x7f0000000640)={0x14, r5, 0x309, 0x0, 0x0, {0x2e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r3, &(0x7f0000000480)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x198, r5, 0x400, 0x70bd26, 0x25dfdbfc, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7fff}, {0x6, 0x16, 0xf2}, {0x5}, {0x6, 0x11, 0x8000}, {0x8}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0x2}, {0x5}, {0x6}, {0x8, 0xb, 0x8}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0xffff}, {0x5}, {0x6, 0x11, 0x9}, {0x8, 0xb, 0x3}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x8178}, {0x8, 0xb, 0x4}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7fff}, {0x6}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0xffff}}]}, 0x198}, 0x1, 0x0, 0x0, 0x4800}, 0x4800)
sendmsg$netlink(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000340)={0x11c, 0x19, 0x1, 0x0, 0x0, "", [@typed={0x10a, 0x0, 0x0, 0x0, @binary="6186f90b81daee70f8000500e8859db117f449d7d1d2869f916865253f07ec10ead59da6cfc1f44b5a7600e26e2efd58c2d13ecf09cbf1db90a319f7871e7f94a2d487af9de0a2fd0d38561e43489c31a105fccdd151b6ca7d4fd4f54a1aace0497f66e1d7f6f98c687de4a5ca42f1bbdf409142eb6cae41e3c87a13d3343088589683f8dd2c3a88ac261c9ad11b847e78bc11ff4949803092d252c5160764d4fc18c43712ed25e27efa9d23b5beb5b1d1288a742c2bfc2e321167d66ce0c896d3576f6ebe2683049945ac61756924853541dc5a90b54014b0a07c73d66650de2a127ccc27286823538b4dab8d06f6c9b32742703d42aa7c95a4e0282760"}, @typed={0x8, 0xf, 0x0, 0x0, @fd}]}, 0x11c}], 0x1}, 0x0)

09:56:59 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  233.537982] FAULT_INJECTION: forcing a failure.
[  233.537982] name failslab, interval 1, probability 0, space 0, times 0
[  233.592023] CPU: 1 PID: 10832 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  233.599943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  233.609301] Call Trace:
[  233.611892]  dump_stack+0x1fc/0x2fe
[  233.615520]  should_fail.cold+0xa/0x14
[  233.619403]  ? setup_fault_attr+0x200/0x200
[  233.623712]  ? lock_acquire+0x170/0x3c0
[  233.627702]  __should_failslab+0x115/0x180
[  233.631924]  should_failslab+0x5/0xf
[  233.635628]  kmem_cache_alloc+0x277/0x370
[  233.639761]  alloc_vfsmnt+0x23/0x780
[  233.643463]  ? _raw_read_unlock+0x29/0x40
[  233.647598]  vfs_kern_mount.part.0+0x27/0x470
[  233.652083]  do_mount+0x113c/0x2f10
[  233.655700]  ? lock_acquire+0x170/0x3c0
[  233.659658]  ? check_preemption_disabled+0x41/0x280
[  233.664662]  ? copy_mount_string+0x40/0x40
[  233.668881]  ? copy_mount_options+0x59/0x380
[  233.673276]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  233.678278]  ? kmem_cache_alloc_trace+0x323/0x380
[  233.683106]  ? copy_mount_options+0x26f/0x380
[  233.687586]  ksys_mount+0xcf/0x130
[  233.691112]  __x64_sys_mount+0xba/0x150
[  233.695073]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  233.699641]  do_syscall_64+0xf9/0x620
[  233.703430]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  233.708777] RIP: 0033:0x45c1f9
[  233.711956] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  233.730840] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
09:56:59 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0)
r6 = socket(0x1000000010, 0x80003, 0x0)
sendmmsg$alg(r6, &(0x7f0000000100), 0x492492492492711, 0x0)
r7 = gettid()
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000300)={<r8=>0xffffffffffffffff, 0x0, 0x4800000000000000, 0x5b30})
read$proc_mixer(r8, &(0x7f00000003c0)=""/164, 0xa4)
tkill(r7, 0x40)
fcntl$setownex(r6, 0xf, &(0x7f00000000c0)={0x0, r7})
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x6558, &(0x7f0000000280)={&(0x7f0000000080)=@newlink={0x20, 0x11, 0x425, 0x0, 0x0, {0x10, 0x0, 0x0, r11}}, 0x20}}, 0x0)

09:56:59 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x6b8ffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  233.738532] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  233.745787] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  233.753043] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  233.760296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  233.767562] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:56:59 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x8000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:56:59 executing program 1 (fault-call:4 fault-nth:4):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:56:59 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:56:59 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  233.863819] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
09:56:59 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xe000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  233.981650] bond1: Enslaving bridge1 as a backup interface with an up link
[  234.005055] FAULT_INJECTION: forcing a failure.
[  234.005055] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  234.035994] bond1: Enslaving bridge2 as a backup interface with a down link
[  234.041311] *** Guest State ***
[  234.047678] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  234.058736] CPU: 0 PID: 10902 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  234.062135] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  234.066650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  234.066656] Call Trace:
[  234.066679]  dump_stack+0x1fc/0x2fe
[  234.066702]  should_fail.cold+0xa/0x14
[  234.066718]  ? lock_acquire+0x170/0x3c0
[  234.066732]  ? setup_fault_attr+0x200/0x200
[  234.066754]  __alloc_pages_nodemask+0x239/0x2890
[  234.066767]  ? pcpu_alloc+0x91f/0x1190
[  234.066781]  ? mark_held_locks+0xf0/0xf0
[  234.066794]  ? pcpu_alloc+0xe78/0x1190
[  234.066814]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  234.066837]  ? check_preemption_disabled+0x41/0x280
[  234.066859]  ? rcu_read_lock_sched_held+0x16c/0x1d0
09:57:00 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  234.066872]  ? pcpu_alloc+0xc9/0x1190
[  234.066889]  alloc_pages_current+0x193/0x2a0
[  234.066901]  ? __lockdep_init_map+0x100/0x5a0
[  234.066917]  get_zeroed_page+0x10/0x40
[  234.066929]  mount_fs+0x203/0x30c
[  234.066947]  vfs_kern_mount.part.0+0x68/0x470
[  234.066963]  do_mount+0x113c/0x2f10
[  234.067049]  ? copy_mount_string+0x40/0x40
[  234.101752] CR3 = 0x0000000000000000
[  234.103517]  ? copy_mount_options+0x190/0x380
[  234.103534]  ? copy_mount_options+0x1ab/0x380
[  234.103549]  ? copy_mount_options+0x26f/0x380
[  234.103564]  ksys_mount+0xcf/0x130
[  234.103579]  __x64_sys_mount+0xba/0x150
[  234.103595]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  234.103610]  do_syscall_64+0xf9/0x620
[  234.103628]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  234.103637] RIP: 0033:0x45c1f9
[  234.103652] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  234.113229] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  234.116388] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  234.116400] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  234.116407] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  234.116415] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  234.116423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  234.116431] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  234.280088] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  234.298673] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  234.305768] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  234.314108] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  234.322098] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  234.330584] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  234.338956] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  234.347403] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  234.373419] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  234.381445] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  234.389868] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  234.398210] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  234.406801] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  234.413235] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  234.421318] Interruptibility = 00000000  ActivityState = 00000000
[  234.427991] *** Host State ***
[  234.431204] RIP = 0xffffffff811affaf  RSP = 0xffff888052b578c0
[  234.437597] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  234.444366] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  234.452212] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  234.458537] CR0=0000000080050033 CR3=00000000886a9000 CR4=00000000001426e0
[  234.466154] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  234.472840] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  234.479286] *** Control State ***
[  234.482755] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  234.489933] EntryControls=0000d1ff ExitControls=002fefff
[  234.495750] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  234.502689] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  234.509543] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  234.516232]         reason=80000021 qualification=0000000000000000
[  234.522535] IDTVectoring: info=00000000 errcode=00000000
[  234.528061] TSC Offset = 0xffffff80c0699646
[  234.532437] TPR Threshold = 0x00
[  234.535890] EPT pointer = 0x0000000095ae201e
[  234.540291] Virtual processor ID = 0x0001
09:57:02 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:02 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:02 executing program 1 (fault-call:4 fault-nth:5):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:02 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:02 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xf0ffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, 0x0, 0x711, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)={0x44, 0x0, 0x100, 0xffffffff, 0x25dfdbff, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x15f7dd6a}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x24001000}, 0x34004000)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KDSKBLED(r4, 0x4b65, 0xfffffffffffffff8)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @ipv4={[], [], @empty}}, 0x1c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0)='l2tp\x00')
sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x14, r8, 0x917, 0x0, 0x0, {0x0}}, 0x14}}, 0x0)
sendmsg$L2TP_CMD_SESSION_MODIFY(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x83408}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x58, r8, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x79}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e20}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @remote}, @L2TP_ATTR_UDP_ZERO_CSUM6_TX={0x5, 0x21, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x8051}, 0x4880)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0xffffff8d, 0x0, 0xb3550aa4ba878254}, 0x9c)

09:57:02 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2})
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:02 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x20000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  236.660159] FAULT_INJECTION: forcing a failure.
[  236.660159] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  236.719381] *** Guest State ***
[  236.725196] CPU: 0 PID: 10943 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  236.733102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  236.742467] Call Trace:
[  236.745071]  dump_stack+0x1fc/0x2fe
[  236.748722]  should_fail.cold+0xa/0x14
[  236.752630]  ? lock_acquire+0x170/0x3c0
[  236.756621]  ? setup_fault_attr+0x200/0x200
[  236.760963]  __alloc_pages_nodemask+0x239/0x2890
[  236.765911]  ? pcpu_alloc+0x91f/0x1190
[  236.769808]  ? mark_held_locks+0xf0/0xf0
[  236.773880]  ? pcpu_alloc+0xe78/0x1190
[  236.777786]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  236.782645]  ? check_preemption_disabled+0x41/0x280
[  236.787682]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  236.792708]  ? pcpu_alloc+0xc9/0x1190
[  236.796521]  alloc_pages_current+0x193/0x2a0
[  236.800941]  ? __lockdep_init_map+0x100/0x5a0
[  236.805448]  get_zeroed_page+0x10/0x40
[  236.809354]  mount_fs+0x203/0x30c
[  236.812831]  vfs_kern_mount.part.0+0x68/0x470
[  236.817337]  do_mount+0x113c/0x2f10
[  236.820976]  ? lock_acquire+0x170/0x3c0
[  236.824960]  ? check_preemption_disabled+0x41/0x280
[  236.829995]  ? copy_mount_string+0x40/0x40
[  236.834327]  ? copy_mount_options+0x59/0x380
[  236.838747]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  236.843775]  ? kmem_cache_alloc_trace+0x323/0x380
[  236.848629]  ? copy_mount_options+0x26f/0x380
[  236.853141]  ksys_mount+0xcf/0x130
[  236.856692]  __x64_sys_mount+0xba/0x150
[  236.860677]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  236.865283]  do_syscall_64+0xf9/0x620
[  236.869108]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  236.874308] RIP: 0033:0x45c1f9
[  236.877510] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  236.896507] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  236.904222] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  236.911504] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
09:57:02 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r7, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x0, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @local}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MAC={0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x24080041}, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:02 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:02 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x3f000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:02 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r5, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  236.918788] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  236.926069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  236.933350] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:02 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  236.965913] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  237.009399] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  237.042878] CR3 = 0x0000000000000000
[  237.057981] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  237.088920] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  237.110434] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  237.126383] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  237.149754] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  237.161582] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  237.175634] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  237.188300] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  237.199949] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  237.212139] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  237.225957] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  237.236933] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  237.251055] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  237.261940] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  237.275440] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  237.286677] Interruptibility = 00000000  ActivityState = 00000000
[  237.296338] *** Host State ***
[  237.299819] RIP = 0xffffffff811affaf  RSP = 0xffff8880534ff8c0
[  237.309841] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  237.318243] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  237.326233] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  237.332125] CR0=0000000080050033 CR3=00000000a12aa000 CR4=00000000001426f0
[  237.340004] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  237.346820] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  237.353116] *** Control State ***
[  237.356576] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  237.363385] EntryControls=0000d1ff ExitControls=002fefff
[  237.368834] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  237.375838] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  237.382497] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  237.389244]         reason=80000021 qualification=0000000000000000
[  237.395667] IDTVectoring: info=00000000 errcode=00000000
[  237.401108] TSC Offset = 0xffffff7f518ed3cd
[  237.405495] TPR Threshold = 0x00
[  237.408858] EPT pointer = 0x00000000a92ed01e
[  237.413374] Virtual processor ID = 0x0001
09:57:05 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x9effffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:05 executing program 1 (fault-call:4 fault-nth:6):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:05 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:05 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2})
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:05 executing program 3:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x10}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:05 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xdd000000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  239.670977] FAULT_INJECTION: forcing a failure.
[  239.670977] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  239.731496] CPU: 0 PID: 10994 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  239.739420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  239.748785] Call Trace:
[  239.751392]  dump_stack+0x1fc/0x2fe
[  239.755046]  should_fail.cold+0xa/0x14
[  239.759034]  ? lock_acquire+0x170/0x3c0
[  239.763050]  ? setup_fault_attr+0x200/0x200
[  239.767398]  __alloc_pages_nodemask+0x239/0x2890
[  239.772168]  ? lock_acquire+0x170/0x3c0
[  239.776330]  ? check_preemption_disabled+0x41/0x280
[  239.781374]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  239.786415]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  239.791276]  ? pcpu_alloc+0xe78/0x1190
[  239.795191]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  239.800067]  alloc_pages_current+0x193/0x2a0
[  239.804530]  get_zeroed_page+0x10/0x40
[  239.808434]  selinux_sb_copy_data+0x28/0x4e0
[  239.812869]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  239.817902]  ? pcpu_alloc+0xc9/0x1190
[  239.821727]  security_sb_copy_data+0x48/0xa0
[  239.826154]  mount_fs+0x22a/0x30c
[  239.829630]  vfs_kern_mount.part.0+0x68/0x470
[  239.834142]  do_mount+0x113c/0x2f10
[  239.837791]  ? lock_acquire+0x170/0x3c0
[  239.841781]  ? check_preemption_disabled+0x41/0x280
[  239.846813]  ? copy_mount_string+0x40/0x40
[  239.851057]  ? copy_mount_options+0x59/0x380
[  239.855486]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  239.860519]  ? kmem_cache_alloc_trace+0x323/0x380
[  239.865358]  ? copy_mount_options+0x26f/0x380
[  239.869849]  ksys_mount+0xcf/0x130
[  239.873382]  __x64_sys_mount+0xba/0x150
[  239.877369]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  239.881952]  do_syscall_64+0xf9/0x620
[  239.885744]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  239.890919] RIP: 0033:0x45c1f9
[  239.894100] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  239.912985] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  239.920682] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
09:57:05 executing program 3:
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x1, 0x0)
clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='squashfs\x00', 0x0, 0x0)

09:57:05 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  239.927935] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  239.935187] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  239.942441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  239.949693] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:05 executing program 1 (fault-call:4 fault-nth:7):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2})
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:05 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf0ffffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:06 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  240.098093] FAULT_INJECTION: forcing a failure.
[  240.098093] name failslab, interval 1, probability 0, space 0, times 0
[  240.111541] *** Guest State ***
[  240.115559] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  240.131334] CPU: 0 PID: 11033 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  240.139245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  240.148622] Call Trace:
[  240.151224]  dump_stack+0x1fc/0x2fe
[  240.154871]  should_fail.cold+0xa/0x14
[  240.158784]  ? setup_fault_attr+0x200/0x200
[  240.163129]  ? lock_acquire+0x170/0x3c0
[  240.167125]  __should_failslab+0x115/0x180
[  240.171375]  should_failslab+0x5/0xf
[  240.175106]  kmem_cache_alloc_trace+0x284/0x380
[  240.179794]  v9fs_mount+0x54/0x910
[  240.183356]  mount_fs+0xa3/0x30c
[  240.186741]  vfs_kern_mount.part.0+0x68/0x470
[  240.191256]  do_mount+0x113c/0x2f10
[  240.194901]  ? lock_acquire+0x170/0x3c0
[  240.198893]  ? check_preemption_disabled+0x41/0x280
[  240.203930]  ? copy_mount_string+0x40/0x40
[  240.208184]  ? copy_mount_options+0x59/0x380
[  240.212617]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  240.217656]  ? kmem_cache_alloc_trace+0x323/0x380
[  240.222522]  ? copy_mount_options+0x26f/0x380
[  240.227036]  ksys_mount+0xcf/0x130
[  240.230592]  __x64_sys_mount+0xba/0x150
[  240.234582]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  240.239179]  do_syscall_64+0xf9/0x620
[  240.243000]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  240.244462] audit: type=1804 audit(1595584626.151:24): pid=11043 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir911520918/syzkaller.K42nm9/131/bus" dev="sda1" ino=16291 res=1
[  240.248187] RIP: 0033:0x45c1f9
[  240.248204] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
09:57:06 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xf5ffffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:06 executing program 3:
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x80, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000740)=ANY=[@ANYRES16, @ANYRESHEX], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000180)='devices.deny\x00', 0x2, 0x0)
r3 = dup(0xffffffffffffffff)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$describe(0x6, 0x0, 0x0, 0x0)
accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
dup3(r1, r0, 0x0)
fcntl$setstatus(r0, 0x4, 0x44000)
io_setup(0x40000000008, &(0x7f0000000240))
r4 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r4, 0x0, 0x0, 0x1000f4)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41c4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x15c, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0xf8}, 0x0, 0x1, 0xffffffffffffffff, 0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
dup(r5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
io_submit(0x0, 0x4, &(0x7f0000000680)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x2, r3, &(0x7f00000002c0)="a45c34c1273f393134909b7e5beabc2b51e70ca8ee25004779ca0abce3b927799d0a7f84e029d481083ab820182eb7fed2892591a4ff617b81d15c0f80d31ea5eb94686c839a30b32d46c7114392d27c2b5f49918b6fa2f4dbae3d1af6dcec8cebf8e1b69584d59efe7d28d2146648441a26b691d6573b13fb281f86946e0101cff86546808d927d81be485aac085505964d7e307b9f23d4566a09d47110de811843026587b86939a6f8016746029b397381230920d685cc8cbfe54aa49a9e7fd23b486fbdb0577d5ccdde6066fbe76e714b944a997a8cc0cea32f70c424694292430317a0a3bf6bde467a164713f90e6b886fe3995074", 0xf7, 0x1, 0x0, 0x3}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, &(0x7f00000003c0)="2ffaf50e613ebf57a4d6502e4d419dda3e856e614c01b93efa79cb2502b510ace009f6397160dd0d2a055181e441d25e905541ccafca58709a180d34b39d28f8a6ce28b25c4ee7cb474c373341ef56da9d1312ebf4cd022dc77c776e40fb28f86488e71372c814a7d8ad1a3c03268e7c2e2b3ce196a226800f390b933a984dfd4ddc168600334cd532e579a52f10e77610c65105ed540cb05332162ec6a72b5641741a62bfecd630b9daea7cc31437edb275b2ec4a41f459646a50e508aeee47d39f18561f8d0a687caed16a7d51a3dfb454ab2c44245f15b056879616dc0be25157633639fb654af2a6b9c742", 0xed, 0x6, 0x0, 0x1}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)="7b0dadb685c64237036acda2df1780a4d56c56e5c220ce088e63354f5929b210bf7719a6c69d056556f89a09de83922c4ac460858f7ed9a50090cc732ee14a0d18c89fec3527f9a5b3325bcb4569678a353637570dccf3746fda901b99acfd4cc00c6f0616116b36676fb4c0400ba7cd3a1b9ef00fb2310574", 0x79, 0xfffffffffffffffb, 0x0, 0x1}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x4, 0x599c, 0xffffffffffffffff, &(0x7f0000000580)="36557a9fa4cfd1c62e3a6ee2bd6496baaad0dd2205bbb9e5677e46de1f5ec4c3327d7a63fb6405f13134606693269a99f3695e9f53444d10fef3adfa9a695f551d05d8eb7d162dab1acf92855de2db3849c11a4f334e43a00fc11c6ee7f1328b42fedfdd3f276f9875a6f71c4689c39354ee8b85d5c377016a00690b1260674edef8fff8088b5e9315", 0x89, 0x10001}])

[  240.248211] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  240.301649] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  240.308908] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  240.316305] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  240.323565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  240.330841] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  240.400211] audit: type=1804 audit(1595584626.261:25): pid=11045 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir911520918/syzkaller.K42nm9/131/bus" dev="sda1" ino=16291 res=1
[  240.450414] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  240.481774] CR3 = 0x0000000000000000
[  240.497500] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  240.511479] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  240.518354] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  240.526026] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  240.540215] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  240.559839] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  240.583042] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  240.591136] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  240.601152] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  240.617871] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  240.626507] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  240.635222] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  240.643754] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  240.651727] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  240.659004] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  240.667883] Interruptibility = 00000000  ActivityState = 00000000
[  240.674790] *** Host State ***
[  240.677989] RIP = 0xffffffff811affaf  RSP = 0xffff88804fe7f8c0
[  240.684693] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  240.691096] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  240.699787] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  240.706459] CR0=0000000080050033 CR3=00000000961a8000 CR4=00000000001426f0
[  240.708749] NOHZ: local_softirq_pending 08
[  240.714482] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  240.724993] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  240.731036] *** Control State ***
[  240.734628] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  240.741288] EntryControls=0000d1ff ExitControls=002fefff
[  240.746823] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  240.754070] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  240.760734] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  240.767379]         reason=80000021 qualification=0000000000000000
[  240.773776] IDTVectoring: info=00000000 errcode=00000000
[  240.779221] TSC Offset = 0xffffff7d82927afb
[  240.783607] TPR Threshold = 0x00
[  240.786969] EPT pointer = 0x000000009660b01e
[  240.791358] Virtual processor ID = 0x0001
[  241.343142] NOHZ: local_softirq_pending 08
[  241.982711] NOHZ: local_softirq_pending 08
09:57:08 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:08 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xfcffffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:08 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:08 executing program 1 (fault-call:4 fault-nth:8):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:08 executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34010000f15105ff00000000bce9a70000000000", @ANYRES32, @ANYBLOB="0000000004000000080112000c0001006d6163766c616e00f80002004c0005000a0004005c1be6ca646304920a000400d21bf5466bca0000cd1256acea9c2f85340b00000a000400aaaaaaaaaaaa00000a000400aaaaaaaaaabb20000a000400aaaaaaaaaabb00000a000400aaaaaaaaaabb000008000100100000000a000400aaaaaaaaaaaa00000a000400aaaaaaaaaa230000080003000300000008ea020002000000640005000a190400010b87fba20300000a000400ffffffffffff00000a000400aaaaaaaaaa2400000a000400ffffffffffff00000a00040000000000000000000a00040000000000000000000a0004000180c200000200000a00040010c784011564000008000300000000000b00050004"], 0x134}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140)=[{0x900, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="8d90622fae35ba9858df3b8dcdbf610e90417e461099ebaa1e41d7116f26c9fca136495f868210dc4aef38dfccb7cf2614bab1dae27c1c2f6d0bd8745988d162315bff67f27bfd2be9cbb5723b1cf379849a3fa4110635ad1231a22086df302e3eb4d183c2070acb91e3093e145b07e59bd82cf0291556cdafd9ee118e8ca4efb9f18d46", 0x84}], 0x1, &(0x7f0000000100), 0x0, 0x8045}], 0x1, 0x0)

09:57:08 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:08 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xffffb806, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  242.741120] FAULT_INJECTION: forcing a failure.
[  242.741120] name failslab, interval 1, probability 0, space 0, times 0
[  242.781365] CPU: 0 PID: 11066 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  242.789288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  242.798651] Call Trace:
[  242.801264]  dump_stack+0x1fc/0x2fe
[  242.804920]  should_fail.cold+0xa/0x14
[  242.808830]  ? setup_fault_attr+0x200/0x200
[  242.813164]  ? lock_acquire+0x170/0x3c0
[  242.817159]  __should_failslab+0x115/0x180
[  242.821410]  should_failslab+0x5/0xf
[  242.825143]  __kmalloc_track_caller+0x2a6/0x3c0
[  242.829830]  ? v9fs_session_init+0xa7/0x1770
[  242.834258]  ? mark_held_locks+0xf0/0xf0
[  242.838342]  kstrdup+0x36/0x70
[  242.841552]  v9fs_session_init+0xa7/0x1770
[  242.845977]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[  242.851100]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  242.855705]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  242.860905]  ? debug_check_no_obj_freed+0x201/0x482
[  242.865949]  ? v9fs_show_options+0x760/0x760
[  242.870377]  ? setup_fault_attr+0x200/0x200
[  242.874749]  ? lock_acquire+0x170/0x3c0
[  242.878773]  ? check_preemption_disabled+0x41/0x280
[  242.883813]  ? v9fs_mount+0x54/0x910
[  242.887545]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  242.892575]  ? kmem_cache_alloc_trace+0x323/0x380
[  242.897415]  v9fs_mount+0x73/0x910
[  242.900952]  mount_fs+0xa3/0x30c
[  242.904309]  vfs_kern_mount.part.0+0x68/0x470
[  242.908792]  do_mount+0x113c/0x2f10
[  242.912412]  ? lock_acquire+0x170/0x3c0
[  242.916373]  ? check_preemption_disabled+0x41/0x280
[  242.921375]  ? copy_mount_string+0x40/0x40
[  242.925593]  ? copy_mount_options+0x59/0x380
[  242.929990]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  242.934994]  ? kmem_cache_alloc_trace+0x323/0x380
[  242.939823]  ? copy_mount_options+0x26f/0x380
[  242.944306]  ksys_mount+0xcf/0x130
[  242.947833]  __x64_sys_mount+0xba/0x150
[  242.951796]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  242.956363]  do_syscall_64+0xf9/0x620
[  242.960154]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  242.965328] RIP: 0033:0x45c1f9
09:57:08 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xb, 0x40, 0xab, 0xa37, 0x1, 0x1}, 0x2c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000140)=<r5=>0x0)
write$FUSE_LK(r2, &(0x7f0000000180)={0x28, 0x0, 0x1, {{0x800, 0x100, 0x1, r5}}}, 0x28)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000040000002800000850000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xb, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x0, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x11}], &(0x7f0000000280)='GPL\x00', 0x1, 0x217, &(0x7f00000004c0)=""/167, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x10c}, 0x48)

09:57:08 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xfffff000, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:08 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  242.968507] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  242.987405] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  242.995098] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  243.002449] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  243.009714] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  243.016973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008
[  243.024229] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:09 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:09 executing program 1 (fault-call:4 fault-nth:9):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:09 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xffffff7f, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:09 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:09 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xffffff9e, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  243.296966] FAULT_INJECTION: forcing a failure.
[  243.296966] name failslab, interval 1, probability 0, space 0, times 0
09:57:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  243.379141] CPU: 0 PID: 11118 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  243.387083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  243.396447] Call Trace:
[  243.399054]  dump_stack+0x1fc/0x2fe
[  243.402713]  should_fail.cold+0xa/0x14
[  243.406666]  ? setup_fault_attr+0x200/0x200
[  243.411088]  ? lock_acquire+0x170/0x3c0
[  243.415086]  __should_failslab+0x115/0x180
[  243.419343]  should_failslab+0x5/0xf
[  243.423207]  kmem_cache_alloc_trace+0x284/0x380
[  243.427902]  p9_client_create+0xaf/0x12e0
[  243.432076]  ? should_fail+0x142/0x7b0
[  243.435977]  ? fs_reclaim_release+0xd0/0x110
[  243.440406]  ? setup_fault_attr+0x200/0x200
[  243.444742]  ? lock_acquire+0x170/0x3c0
[  243.448733]  ? p9_client_flush+0x490/0x490
[  243.452993]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  243.458024]  ? __lockdep_init_map+0x100/0x5a0
[  243.462540]  ? __raw_spin_lock_init+0x28/0x100
[  243.467144]  v9fs_session_init+0x1dd/0x1770
[  243.471490]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  243.476608]  ? debug_check_no_obj_freed+0x201/0x482
[  243.481646]  ? v9fs_show_options+0x760/0x760
[  243.486212]  ? setup_fault_attr+0x200/0x200
[  243.490555]  ? lock_acquire+0x170/0x3c0
[  243.494550]  ? check_preemption_disabled+0x41/0x280
[  243.499582]  ? v9fs_mount+0x54/0x910
[  243.503298]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  243.508308]  ? kmem_cache_alloc_trace+0x323/0x380
[  243.513144]  v9fs_mount+0x73/0x910
[  243.516682]  mount_fs+0xa3/0x30c
[  243.520035]  vfs_kern_mount.part.0+0x68/0x470
[  243.524537]  do_mount+0x113c/0x2f10
[  243.528167]  ? do_raw_spin_unlock+0x171/0x230
[  243.532647]  ? check_preemption_disabled+0x41/0x280
[  243.537648]  ? copy_mount_string+0x40/0x40
[  243.541871]  ? copy_mount_options+0x59/0x380
[  243.546268]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  243.551271]  ? kmem_cache_alloc_trace+0x323/0x380
[  243.556103]  ? copy_mount_options+0x26f/0x380
[  243.560592]  ksys_mount+0xcf/0x130
[  243.564120]  __x64_sys_mount+0xba/0x150
[  243.568095]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  243.572663]  do_syscall_64+0xf9/0x620
[  243.576471]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  243.581645] RIP: 0033:0x45c1f9
[  243.584828] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  243.603720] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  243.611410] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  243.618704] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  243.625956] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  243.633222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009
[  243.640487] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:09 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xfffffff0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:09 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:09 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(0xffffffffffffffff, r1, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:57:09 executing program 1 (fault-call:4 fault-nth:10):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:09 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xfffffff5, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  243.856949] FAULT_INJECTION: forcing a failure.
[  243.856949] name failslab, interval 1, probability 0, space 0, times 0
09:57:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:09 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  243.936894] CPU: 1 PID: 11155 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  243.944815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  243.954182] Call Trace:
[  243.956788]  dump_stack+0x1fc/0x2fe
[  243.960432]  should_fail.cold+0xa/0x14
[  243.964347]  ? setup_fault_attr+0x200/0x200
[  243.968690]  ? lock_acquire+0x170/0x3c0
[  243.972689]  __should_failslab+0x115/0x180
[  243.976946]  should_failslab+0x5/0xf
[  243.980678]  kmem_cache_alloc_trace+0x284/0x380
09:57:09 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  243.985369]  p9_client_create+0xaf/0x12e0
[  243.989537]  ? should_fail+0x142/0x7b0
[  243.993442]  ? fs_reclaim_release+0xd0/0x110
[  243.997871]  ? setup_fault_attr+0x200/0x200
[  244.002210]  ? lock_acquire+0x170/0x3c0
[  244.006207]  ? p9_client_flush+0x490/0x490
[  244.010474]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  244.015519]  ? __lockdep_init_map+0x100/0x5a0
[  244.020028]  ? __raw_spin_lock_init+0x28/0x100
[  244.024631]  v9fs_session_init+0x1dd/0x1770
[  244.028977]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  244.034090]  ? debug_check_no_obj_freed+0x201/0x482
[  244.039146]  ? v9fs_show_options+0x760/0x760
[  244.043575]  ? setup_fault_attr+0x200/0x200
[  244.047927]  ? lock_acquire+0x170/0x3c0
[  244.051914]  ? check_preemption_disabled+0x41/0x280
[  244.056947]  ? v9fs_mount+0x54/0x910
[  244.060679]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  244.065712]  ? kmem_cache_alloc_trace+0x323/0x380
[  244.070578]  v9fs_mount+0x73/0x910
[  244.074150]  mount_fs+0xa3/0x30c
[  244.077539]  vfs_kern_mount.part.0+0x68/0x470
[  244.082082]  do_mount+0x113c/0x2f10
[  244.085729]  ? do_raw_spin_unlock+0x171/0x230
[  244.090240]  ? check_preemption_disabled+0x41/0x280
[  244.095270]  ? copy_mount_string+0x40/0x40
[  244.099522]  ? copy_mount_options+0x59/0x380
[  244.103956]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  244.108987]  ? kmem_cache_alloc_trace+0x323/0x380
[  244.113849]  ? copy_mount_options+0x26f/0x380
[  244.118367]  ksys_mount+0xcf/0x130
[  244.121936]  __x64_sys_mount+0xba/0x150
[  244.125933]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  244.130536]  do_syscall_64+0xf9/0x620
[  244.134361]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  244.139561] RIP: 0033:0x45c1f9
[  244.142765] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  244.161675] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  244.169402] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  244.176684] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
09:57:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(0xffffffffffffffff, r1, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  244.184203] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  244.191489] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a
[  244.198779] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:10 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:10 executing program 3:
unshare(0x6c060000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$phonet(0x23, 0x2, 0x1)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=ANY=[@ANYBLOB=',\x00\x00\x00\x00', @ANYRES32=r5, @ANYBLOB="00000000f1ffffff000000000800010064727200"], 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012dbd7000fcdbdf253100000008000100000000000800db00", @ANYRES32, @ANYBLOB="0000000004053a824ecc3706572468f14cada3da1030cd85b4e0d6362d2c08d3aca62ee6f8a5f1fc6668b0f32673e2b7c359e9c3a945cb2ec1e628a71701b3ac7b6df77cc9820f912cb37927adf1f50b6e9be20fdbf8333c89aaad71c581904c2b647a4ade0df706d646d3349c5a5363e62624d3e1083656b6320d7882fcc9d0fbe21841f0365c86eb02b52910022779a6af58b6947ceaa0b6d46e1a2276d07e5e642288ab7ec1", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB='\b\x00R\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00R\x00', @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4045}, 0x20000011)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r6, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r6}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r6}}, 0x18}}, 0x0)
ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000140)={0x0, "34b45bdad707d055551db5492f35c6fc0b614d67bdb0088d791ba62ac0f15bc8", 0x3, 0x1})

09:57:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(0xffffffffffffffff, r1, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:57:10 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:10 executing program 1 (fault-call:4 fault-nth:11):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xfffffffc, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:10 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  244.396291] IPVS: ftp: loaded support on port[0] = 21
[  244.458293] FAULT_INJECTION: forcing a failure.
[  244.458293] name failslab, interval 1, probability 0, space 0, times 0
09:57:10 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  244.533665] CPU: 0 PID: 11204 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  244.541591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  244.550963] Call Trace:
[  244.553569]  dump_stack+0x1fc/0x2fe
[  244.557224]  should_fail.cold+0xa/0x14
[  244.561136]  ? setup_fault_attr+0x200/0x200
[  244.565506]  ? lock_acquire+0x170/0x3c0
[  244.569501]  __should_failslab+0x115/0x180
[  244.573755]  should_failslab+0x5/0xf
[  244.577486]  __kmalloc_track_caller+0x2a6/0x3c0
[  244.582168]  ? p9_client_create+0x43b/0x12e0
[  244.586597]  kstrdup+0x36/0x70
[  244.589818]  p9_client_create+0x43b/0x12e0
[  244.594074]  ? should_fail+0x142/0x7b0
[  244.597980]  ? setup_fault_attr+0x200/0x200
[  244.602320]  ? p9_client_flush+0x490/0x490
[  244.606580]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  244.611612]  ? __lockdep_init_map+0x100/0x5a0
[  244.616144]  ? __raw_spin_lock_init+0x28/0x100
[  244.620751]  v9fs_session_init+0x1dd/0x1770
[  244.625099]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  244.630222]  ? debug_check_no_obj_freed+0x201/0x482
[  244.635262]  ? v9fs_show_options+0x760/0x760
[  244.639691]  ? setup_fault_attr+0x200/0x200
[  244.644025]  ? lock_acquire+0x170/0x3c0
[  244.648016]  ? check_preemption_disabled+0x41/0x280
[  244.653049]  ? v9fs_mount+0x54/0x910
[  244.656785]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  244.661825]  ? kmem_cache_alloc_trace+0x323/0x380
[  244.666694]  v9fs_mount+0x73/0x910
[  244.670253]  mount_fs+0xa3/0x30c
[  244.673642]  vfs_kern_mount.part.0+0x68/0x470
[  244.678157]  do_mount+0x113c/0x2f10
09:57:10 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  244.681809]  ? retint_kernel+0x2d/0x2d
[  244.685715]  ? copy_mount_string+0x40/0x40
[  244.689971]  ? copy_mount_options+0x1f9/0x380
[  244.694482]  ? __sanitizer_cov_trace_pc+0x50/0x50
[  244.699347]  ? copy_mount_options+0x26f/0x380
[  244.703860]  ksys_mount+0xcf/0x130
[  244.707416]  __x64_sys_mount+0xba/0x150
[  244.711409]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  244.716009]  do_syscall_64+0xf9/0x620
[  244.719832]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  244.725036] RIP: 0033:0x45c1f9
[  244.728246] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  244.747161] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  244.754978] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  244.762261] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  244.769541] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  244.776823] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b
09:57:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0xffffffff, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  244.784106] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0xf, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:10 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  245.078150] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  245.107351] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  245.293785] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  245.315078] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
09:57:11 executing program 3:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="25bca274769e620a2734fa0095e0612687ecb86a548802a902000000000000004e2f98b579a782d257146d0e0206e73ba8f4952bedc6760253ef", 0xff9a, 0x400}], 0x0, &(0x7f0000000240)={[{@data_journal='data=journal'}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x88, 0x13, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x88}, 0x1, 0x0, 0x0, 0x24000000}, 0x82)

09:57:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:11 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:11 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0xc0, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:11 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:11 executing program 1 (fault-call:4 fault-nth:12):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:11 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:11 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  245.525651] FAULT_INJECTION: forcing a failure.
[  245.525651] name failslab, interval 1, probability 0, space 0, times 0
09:57:11 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0xec0, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  245.570463] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support!
[  245.631719] CPU: 1 PID: 11299 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  245.634822] EXT4-fs (loop3): invalid inodes per group: 242029655
[  245.634822] 
[  245.639636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  245.639642] Call Trace:
[  245.639666]  dump_stack+0x1fc/0x2fe
[  245.639693]  should_fail.cold+0xa/0x14
[  245.666748]  ? setup_fault_attr+0x200/0x200
[  245.671092]  ? lock_acquire+0x170/0x3c0
[  245.675090]  __should_failslab+0x115/0x180
09:57:11 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x33fe0, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  245.679335]  should_failslab+0x5/0xf
[  245.683066]  __kmalloc_track_caller+0x2a6/0x3c0
[  245.687756]  ? parse_opts.part.0+0x8e/0x340
[  245.692091]  ? __x64_sys_mount+0xba/0x150
[  245.696251]  kstrdup+0x36/0x70
[  245.699466]  parse_opts.part.0+0x8e/0x340
[  245.703629]  ? debug_check_no_obj_freed+0x201/0x482
[  245.708665]  ? p9_fd_show_options+0x1c0/0x1c0
[  245.713182]  ? lock_downgrade+0x720/0x720
[  245.717341]  ? lock_acquire+0x170/0x3c0
[  245.721333]  ? debug_check_no_obj_freed+0xb5/0x482
[  245.728634]  ? trace_hardirqs_off+0x64/0x200
[  245.733067]  p9_fd_create+0x9b/0x380
[  245.736798]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  245.741138]  ? __startup_64+0x44/0x240
[  245.745046]  ? p9_client_create+0x7b1/0x12e0
[  245.749475]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  245.754080]  p9_client_create+0x813/0x12e0
[  245.758339]  ? setup_fault_attr+0x200/0x200
[  245.762686]  ? p9_client_flush+0x490/0x490
[  245.767039]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  245.772077]  ? __lockdep_init_map+0x100/0x5a0
[  245.776593]  ? __raw_spin_lock_init+0x28/0x100
09:57:11 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x200003b4, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  245.781205]  v9fs_session_init+0x1dd/0x1770
[  245.785561]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  245.790737]  ? debug_check_no_obj_freed+0x201/0x482
[  245.795776]  ? v9fs_show_options+0x760/0x760
[  245.800209]  ? setup_fault_attr+0x200/0x200
[  245.804557]  ? lock_acquire+0x170/0x3c0
[  245.808541]  ? check_preemption_disabled+0x41/0x280
[  245.813551]  ? v9fs_mount+0x54/0x910
[  245.817283]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  245.822291]  ? kmem_cache_alloc_trace+0x323/0x380
[  245.827125]  v9fs_mount+0x73/0x910
[  245.830661]  mount_fs+0xa3/0x30c
[  245.834018]  vfs_kern_mount.part.0+0x68/0x470
[  245.838579]  do_mount+0x113c/0x2f10
[  245.842196]  ? lock_acquire+0x170/0x3c0
[  245.846154]  ? check_preemption_disabled+0x41/0x280
[  245.851157]  ? copy_mount_string+0x40/0x40
[  245.855377]  ? copy_mount_options+0x59/0x380
[  245.859786]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  245.864790]  ? kmem_cache_alloc_trace+0x323/0x380
[  245.869618]  ? copy_mount_options+0x26f/0x380
[  245.874104]  ksys_mount+0xcf/0x130
[  245.877636]  __x64_sys_mount+0xba/0x150
[  245.881597]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  245.886170]  do_syscall_64+0xf9/0x620
[  245.889962]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  245.895138] RIP: 0033:0x45c1f9
[  245.898317] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  245.917204] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  245.924897] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
09:57:11 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  245.932151] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  245.939514] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  245.946772] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
[  245.954026] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  246.017672] 9pnet: Insufficient options for proto=fd
[  246.056107] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  246.083687] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (20009)
09:57:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:12 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0xa5, 0x0, 0x41c1, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, @perf_config_ext, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r2)
ioctl$VIDIOC_S_AUDOUT(r1, 0x40345632, &(0x7f0000000000)={0x80000001, "2e4c28b28634ec0e17a63ce55c594ba0376ead31a68f5e95743ed8b2d2125f8b", 0x0, 0x1})
write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="87b3fda63b200fc8958b2a79608d1803a2584e5032dab3c165aca96294a5"], 0x41)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x169, 0x4)
write$P9_RGETATTR(r1, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000780)={@in={{0x2, 0x0, @local}}, 0x0, 0x9, 0x6}, 0xd8)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0x2, 0x4e24, 0x0, @private1}, {0x2, 0x0, 0x0, @loopback}}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @ib={0x1b, 0x5, 0x0, {"0e72d06c8f2a517b1ae9dd682e343808"}, 0x9fa, 0xba8, 0x4}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x9e}}}}, 0x118)
bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x5, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000080)={0x9, 0x3})
recvmsg(r3, &(0x7f0000000240)={0x0, 0xfffffffffffffd83, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x5695}], 0x1, 0x0, 0xf080}, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000600)=ANY=[@ANYRESDEC, @ANYRESDEC], 0x1000001bd)

09:57:12 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:12 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x7ffff000, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:12 executing program 1 (fault-call:4 fault-nth:13):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:12 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:12 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  246.198199] FAULT_INJECTION: forcing a failure.
[  246.198199] name failslab, interval 1, probability 0, space 0, times 0
[  246.241304] CPU: 1 PID: 11345 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  246.249225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.258583] Call Trace:
[  246.261178]  dump_stack+0x1fc/0x2fe
[  246.264798]  should_fail.cold+0xa/0x14
[  246.268676]  ? setup_fault_attr+0x200/0x200
[  246.272989]  ? lock_acquire+0x170/0x3c0
[  246.276960]  __should_failslab+0x115/0x180
[  246.281203]  should_failslab+0x5/0xf
[  246.284906]  __kmalloc_track_caller+0x2a6/0x3c0
[  246.289568]  ? parse_opts.part.0+0x8e/0x340
[  246.293901]  ? __x64_sys_mount+0xba/0x150
[  246.298044]  kstrdup+0x36/0x70
[  246.301226]  parse_opts.part.0+0x8e/0x340
[  246.305394]  ? debug_check_no_obj_freed+0x201/0x482
[  246.310420]  ? p9_fd_show_options+0x1c0/0x1c0
[  246.314917]  ? lock_downgrade+0x720/0x720
[  246.319077]  ? lock_acquire+0x170/0x3c0
[  246.323069]  ? debug_check_no_obj_freed+0xb5/0x482
[  246.327997]  ? trace_hardirqs_off+0x64/0x200
[  246.332402]  p9_fd_create+0x9b/0x380
[  246.336106]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  246.340416]  ? __startup_64+0x44/0x240
[  246.344298]  ? p9_client_create+0x7b1/0x12e0
[  246.348695]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  246.353267]  p9_client_create+0x813/0x12e0
[  246.357492]  ? setup_fault_attr+0x200/0x200
[  246.361803]  ? p9_client_flush+0x490/0x490
[  246.366031]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  246.371065]  ? __lockdep_init_map+0x100/0x5a0
[  246.375548]  ? __raw_spin_lock_init+0x28/0x100
[  246.380121]  v9fs_session_init+0x1dd/0x1770
[  246.384440]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  246.389532]  ? debug_check_no_obj_freed+0x201/0x482
[  246.394538]  ? v9fs_show_options+0x760/0x760
[  246.398947]  ? setup_fault_attr+0x200/0x200
[  246.403255]  ? lock_acquire+0x170/0x3c0
[  246.407215]  ? check_preemption_disabled+0x41/0x280
[  246.412222]  ? v9fs_mount+0x54/0x910
[  246.415930]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  246.420940]  ? kmem_cache_alloc_trace+0x323/0x380
[  246.425774]  v9fs_mount+0x73/0x910
[  246.429304]  mount_fs+0xa3/0x30c
[  246.432671]  vfs_kern_mount.part.0+0x68/0x470
[  246.437154]  do_mount+0x113c/0x2f10
[  246.440774]  ? lock_acquire+0x170/0x3c0
[  246.444741]  ? check_preemption_disabled+0x41/0x280
[  246.449747]  ? copy_mount_string+0x40/0x40
[  246.453967]  ? copy_mount_options+0x59/0x380
[  246.458365]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  246.463542]  ? kmem_cache_alloc_trace+0x323/0x380
[  246.468372]  ? copy_mount_options+0x26f/0x380
[  246.472855]  ksys_mount+0xcf/0x130
[  246.476384]  __x64_sys_mount+0xba/0x150
[  246.480372]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  246.484971]  do_syscall_64+0xf9/0x620
[  246.488770]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.493950] RIP: 0033:0x45c1f9
[  246.497131] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  246.516018] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  246.523732] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  246.531002] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
09:57:12 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0xfffffdef, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  246.538357] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  246.545614] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000d
[  246.552869] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:12 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  246.584610] 9pnet: Insufficient options for proto=fd
09:57:12 executing program 1 (fault-call:4 fault-nth:14):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:12 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:12 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:12 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(r1, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  246.742478] FAULT_INJECTION: forcing a failure.
[  246.742478] name failslab, interval 1, probability 0, space 0, times 0
[  246.821774] CPU: 0 PID: 11369 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  246.829696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  246.839071] Call Trace:
[  246.841686]  dump_stack+0x1fc/0x2fe
[  246.845346]  should_fail.cold+0xa/0x14
[  246.849350]  ? setup_fault_attr+0x200/0x200
[  246.853694]  ? lock_acquire+0x170/0x3c0
[  246.857692]  __should_failslab+0x115/0x180
[  246.861950]  should_failslab+0x5/0xf
[  246.865678]  __kmalloc+0x2ab/0x3c0
[  246.869232]  ? match_number+0xad/0x230
[  246.873138]  match_number+0xad/0x230
[  246.876870]  ? match_strdup+0xa0/0xa0
[  246.880688]  ? __kmalloc_track_caller+0x389/0x3c0
[  246.885553]  ? parse_opts.part.0+0x8e/0x340
[  246.889892]  ? memcpy+0x35/0x50
[  246.893191]  parse_opts.part.0+0x1f4/0x340
[  246.897454]  ? p9_fd_show_options+0x1c0/0x1c0
[  246.901970]  ? lock_downgrade+0x720/0x720
[  246.906131]  ? lock_acquire+0x170/0x3c0
[  246.910124]  ? trace_hardirqs_off+0x64/0x200
[  246.914561]  p9_fd_create+0x9b/0x380
[  246.918294]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  246.922631]  ? __startup_64+0x44/0x240
[  246.926662]  ? p9_client_create+0x7b1/0x12e0
[  246.931099]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  246.935808]  p9_client_create+0x813/0x12e0
[  246.940064]  ? setup_fault_attr+0x200/0x200
[  246.944404]  ? p9_client_flush+0x490/0x490
[  246.948667]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  246.953706]  ? __lockdep_init_map+0x100/0x5a0
[  246.958225]  ? __raw_spin_lock_init+0x28/0x100
[  246.962833]  v9fs_session_init+0x1dd/0x1770
[  246.967179]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  246.972301]  ? debug_check_no_obj_freed+0x201/0x482
[  246.977346]  ? v9fs_show_options+0x760/0x760
[  246.981781]  ? setup_fault_attr+0x200/0x200
[  246.986124]  ? lock_acquire+0x170/0x3c0
[  246.990121]  ? check_preemption_disabled+0x41/0x280
[  246.995156]  ? v9fs_mount+0x54/0x910
[  246.998907]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  247.003949]  ? kmem_cache_alloc_trace+0x323/0x380
[  247.008810]  v9fs_mount+0x73/0x910
[  247.012374]  mount_fs+0xa3/0x30c
[  247.015750]  vfs_kern_mount.part.0+0x68/0x470
[  247.020292]  do_mount+0x113c/0x2f10
[  247.023928]  ? do_raw_spin_unlock+0x171/0x230
[  247.028422]  ? check_preemption_disabled+0x41/0x280
[  247.033449]  ? copy_mount_string+0x40/0x40
[  247.037683]  ? copy_mount_options+0x59/0x380
[  247.042104]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  247.047144]  ? kmem_cache_alloc_trace+0x323/0x380
[  247.051993]  ? copy_mount_options+0x26f/0x380
[  247.056491]  ksys_mount+0xcf/0x130
[  247.060043]  __x64_sys_mount+0xba/0x150
[  247.064019]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  247.068601]  do_syscall_64+0xf9/0x620
[  247.072408]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  247.077598] RIP: 0033:0x45c1f9
[  247.080794] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  247.099697] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  247.107416] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  247.114687] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  247.121958] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  247.129227] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000e
[  247.136498] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  247.158658] 9pnet: Insufficient options for proto=fd
09:57:13 executing program 3:
clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x40, 0x0)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000001c0)=0x8, 0x4)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000280))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4020f, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b702000000400400bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000000000812d6405000000000025040000010000001704000009000a40b7040000000100006a0a00fe00000000850000001a000000b7000000000000009500000000000000a93e90832ff9d40a409f01f6147c8f6fd267bf410e76c540106f89ec68823ce3c4bcc4ce81e97719ea969f2a019a6137ad1efc966f1cfdc4ea29f673efc20c07ec082bc6de68ab0a5ebf4ee60253516cc871311ab25868e1d9a014263697ca83c57fc2ead0d85a2bcc922a3aa71489fa000000004bcff56cf5a84cefb43ea72351190a711fd2b83a3596d80729476ab7140606791e81960ea313ea74c2cde2dedd424a4596f98e3e70a6f1d8abce75f01dbb60bdf7316a4fed35f16ae8b3aa4c6dd4880c76e5837f39a161b050abc5a34588ea19114caebb79951084e7113c77ae25a0121de52e5e8cceddf2cb4b9895a592558509d6bc95bfb57834fdb2b8c0738fda3ea38c09e75b1f39ae8af2c746fbb43e3530767d8ee296487c0e650ead90030000008fee2e02ece680c0d3d19b2b62fc202240219f497e89548a2977f86137ecb5753dfc87f148ed2392ef113cbe241a98b4e8f3bf878f1dc0e115ddfe318f54369bc8dfd3a4ea21259ed518ae80606ef83d69b9d0d972b2211d05b2e31dbf49ca69bdb022a6cff57d5f16769d1605e8045c6880b425f8575f9a3a7e1b7174281ab87fba93555853df9dbd3da536d88168217230eabfaf7ff9b0146acffea06f3b0ba7b7357ba84c953523e92ee8cc4d8be0050000002c305d59cb68bff089979504c71418bd62ec60cfae7d75ce2adc8d4b2eabae5937b47e07da3f62be170ac03ca60b10c8123a7ae91659fc79fc36c84dd1b2b8972c5c2544e3b50acd3b00000000000d62fae930c2308e2401bb761565ac4eda4ca118ebbe000000000000000000000000000000a52d598dbcfeb90dd310175435c843624027f7d55431a5756e4be9698bcd550c272c391cf24ea56d016e1f21b5999e1448f8784db63fd4f36ec144c67fcdd41c8ba146dc7d3fb07d00000000efcd74ad8d0b15234dab4da83fa33391a2925b49f6040087cfaa9f83a6cdb0e031d9eb6cbff6eba616992f3ba6c277e7820a84365d650b9f057394a543c3210df7268ec32ac38db9d3062571ec8eb3290bb4a823674e89cf1716d4bc9fac0c47d854632a1d943a9dc58e6f4d0b687a055983a46fdd52f3c87506ae419c604f62b56ad1420eca5484ee0092563332124c612f00"], &(0x7f0000000100)='GPL\x00'}, 0x48)
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000040)=[{&(0x7f0000000640)="8a", 0x1}], 0x1, 0x0)

09:57:13 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:13 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:13 executing program 1 (fault-call:4 fault-nth:15):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:13 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(r1, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

09:57:13 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x0, 0x2, r2})
dup3(r1, 0xffffffffffffffff, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  247.647958] FAULT_INJECTION: forcing a failure.
[  247.647958] name failslab, interval 1, probability 0, space 0, times 0
[  247.707522] CPU: 0 PID: 11408 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  247.715453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.724841] Call Trace:
[  247.727461]  dump_stack+0x1fc/0x2fe
[  247.731115]  should_fail.cold+0xa/0x14
[  247.735024]  ? setup_fault_attr+0x200/0x200
[  247.739362]  ? lock_acquire+0x170/0x3c0
[  247.743359]  __should_failslab+0x115/0x180
[  247.747597]  should_failslab+0x5/0xf
[  247.751309]  __kmalloc+0x2ab/0x3c0
[  247.754850]  ? match_number+0xad/0x230
[  247.758740]  match_number+0xad/0x230
[  247.762457]  ? match_strdup+0xa0/0xa0
[  247.766261]  ? __kmalloc_track_caller+0x389/0x3c0
[  247.771107]  ? parse_opts.part.0+0x8e/0x340
[  247.775445]  ? memcpy+0x35/0x50
[  247.778730]  parse_opts.part.0+0x1f4/0x340
[  247.782983]  ? p9_fd_show_options+0x1c0/0x1c0
[  247.787502]  ? lock_downgrade+0x720/0x720
[  247.791655]  ? lock_acquire+0x170/0x3c0
[  247.795633]  ? trace_hardirqs_off+0x64/0x200
[  247.800050]  p9_fd_create+0x9b/0x380
[  247.803763]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  247.808082]  ? __startup_64+0x44/0x240
[  247.811971]  ? p9_client_create+0x7b1/0x12e0
[  247.816381]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  247.820965]  p9_client_create+0x813/0x12e0
[  247.825207]  ? setup_fault_attr+0x200/0x200
[  247.829532]  ? p9_client_flush+0x490/0x490
[  247.833776]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  247.838805]  ? __lockdep_init_map+0x100/0x5a0
[  247.843302]  ? __raw_spin_lock_init+0x28/0x100
[  247.847892]  v9fs_session_init+0x1dd/0x1770
[  247.852221]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  247.857324]  ? debug_check_no_obj_freed+0x201/0x482
[  247.862342]  ? v9fs_show_options+0x760/0x760
[  247.866748]  ? setup_fault_attr+0x200/0x200
[  247.871068]  ? lock_acquire+0x170/0x3c0
[  247.875039]  ? check_preemption_disabled+0x41/0x280
[  247.880056]  ? v9fs_mount+0x54/0x910
[  247.883770]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  247.888791]  ? kmem_cache_alloc_trace+0x323/0x380
[  247.893642]  v9fs_mount+0x73/0x910
[  247.897186]  mount_fs+0xa3/0x30c
[  247.900556]  vfs_kern_mount.part.0+0x68/0x470
[  247.905053]  do_mount+0x113c/0x2f10
[  247.908948]  ? copy_mount_string+0x40/0x40
[  247.913204]  ? copy_mount_options+0x190/0x380
[  247.917696]  ? copy_mount_options+0x1ab/0x380
[  247.922189]  ? copy_mount_options+0x26f/0x380
[  247.926682]  ksys_mount+0xcf/0x130
[  247.930220]  __x64_sys_mount+0xba/0x150
[  247.934193]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  247.938782]  do_syscall_64+0xf9/0x620
[  247.942589]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  247.947774] RIP: 0033:0x45c1f9
[  247.950968] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  247.969865] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  247.977571] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  247.984837] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  247.992102] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  247.999394] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000f
09:57:13 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:13 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  248.006660] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:14 executing program 4:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:14 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x4, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  248.400091] 9pnet: Insufficient options for proto=fd
09:57:14 executing program 2:
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:14 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:14 executing program 4:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:14 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x8, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:14 executing program 1 (fault-call:4 fault-nth:16):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:14 executing program 3:
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$binderN(0x0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x200, 0x4)
bind$inet(r1, &(0x7f00000003c0)={0x2, 0x200000000004e23}, 0x10)
setsockopt$RDS_GET_MR_FOR_DEST(r0, 0x114, 0x7, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$IMDELTIMER(r3, 0x80044941, &(0x7f0000000000)=0x1)
prctl$PR_SET_FPEXC(0xc, 0x40000)
dup(0xffffffffffffffff)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='yeah\x00', 0x5)
sendto$inet(r1, 0x0, 0xfffffeed, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x8, 0x0}}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x11, &(0x7f0000000200)=""/20, 0x14, 0x9ac42000}, 0x100)
write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYRESHEX], 0xfffffffffffffcf4)

09:57:14 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  248.566103] FAULT_INJECTION: forcing a failure.
[  248.566103] name failslab, interval 1, probability 0, space 0, times 0
09:57:14 executing program 4:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  248.632268] CPU: 1 PID: 11458 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  248.640194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  248.649556] Call Trace:
[  248.652171]  dump_stack+0x1fc/0x2fe
[  248.655811]  should_fail.cold+0xa/0x14
[  248.659706]  ? setup_fault_attr+0x200/0x200
[  248.664035]  ? lock_acquire+0x170/0x3c0
[  248.668017]  __should_failslab+0x115/0x180
[  248.672257]  should_failslab+0x5/0xf
[  248.675973]  __kmalloc+0x2ab/0x3c0
[  248.679521]  ? match_number+0xad/0x230
[  248.683414]  match_number+0xad/0x230
[  248.687129]  ? match_strdup+0xa0/0xa0
[  248.690937]  ? __kmalloc_track_caller+0x389/0x3c0
[  248.695788]  ? parse_opts.part.0+0x8e/0x340
[  248.700110]  ? memcpy+0x35/0x50
[  248.703396]  parse_opts.part.0+0x1f4/0x340
[  248.707637]  ? p9_fd_show_options+0x1c0/0x1c0
[  248.712150]  ? lock_downgrade+0x720/0x720
[  248.716301]  ? lock_acquire+0x170/0x3c0
[  248.720280]  ? trace_hardirqs_off+0x64/0x200
[  248.724697]  p9_fd_create+0x9b/0x380
[  248.728413]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  248.732738]  ? __startup_64+0x44/0x240
[  248.736634]  ? p9_client_create+0x7b1/0x12e0
[  248.741050]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  248.745643]  p9_client_create+0x813/0x12e0
[  248.749889]  ? setup_fault_attr+0x200/0x200
[  248.754214]  ? p9_client_flush+0x490/0x490
[  248.758459]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  248.763477]  ? __lockdep_init_map+0x100/0x5a0
[  248.767975]  ? __raw_spin_lock_init+0x28/0x100
[  248.772565]  v9fs_session_init+0x1dd/0x1770
[  248.776895]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  248.782001]  ? debug_check_no_obj_freed+0x201/0x482
[  248.787020]  ? v9fs_show_options+0x760/0x760
[  248.791431]  ? setup_fault_attr+0x200/0x200
[  248.795759]  ? lock_acquire+0x170/0x3c0
[  248.799741]  ? check_preemption_disabled+0x41/0x280
[  248.804775]  ? v9fs_mount+0x54/0x910
[  248.808501]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  248.813524]  ? kmem_cache_alloc_trace+0x323/0x380
[  248.818375]  v9fs_mount+0x73/0x910
[  248.821926]  mount_fs+0xa3/0x30c
[  248.825300]  vfs_kern_mount.part.0+0x68/0x470
[  248.829800]  do_mount+0x113c/0x2f10
[  248.833439]  ? do_raw_spin_unlock+0x171/0x230
[  248.837937]  ? check_preemption_disabled+0x41/0x280
[  248.842960]  ? copy_mount_string+0x40/0x40
[  248.847200]  ? copy_mount_options+0x59/0x380
[  248.851622]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  248.856643]  ? kmem_cache_alloc_trace+0x323/0x380
[  248.861495]  ? copy_mount_options+0x26f/0x380
[  248.866118]  ksys_mount+0xcf/0x130
[  248.869670]  __x64_sys_mount+0xba/0x150
[  248.873660]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  248.878250]  do_syscall_64+0xf9/0x620
[  248.882065]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  248.887606] RIP: 0033:0x45c1f9
[  248.890804] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  248.909797] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  248.917513] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  248.924791] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
09:57:14 executing program 3:
clock_nanosleep(0x2, 0x0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = open(0x0, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00')
sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000440)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000126bd7000fcdbdf25010000080c00021e0f20dc4d17f5b0000c00030002000000000000000c00020000080000000000000c0007800800010030db637f89e3b24c81edb14df9c63a8aeae3d51e4e1d3f5a6b95c7371ac64719c47e3af10f92b56e04fc0198304fe558f98995e738db2bda278ff87f092fa0064d86cb14a0713e824a28dbfa6dc51b7abab70d0848e9e5adc23bddb004d5d60cf0aabf0ce506d32f6670f9bb0579b6ec680c3cd717403173838f40d0494271f16524ecbcfda8ee8f2ac575b56e34b821b34e8bf64fee58172c1405dd133a1a0284f33d5c1ee1cded5950cc326f893747dbd304861dc700000000000000000000509e095967afe08d0b16259d4e090ab4b859b262575f45707022f100e8028a7d0ae658591be9ac99fd98184d0cbd113e879e59c651c71e4abac84b727088999ad6627ce8786716962bf747ff1af403cab9e585182d01e1fb9c5bac51e63c3ba1b7339725071ae6ff25d41d70cbf98ad2c4cada2337d47834f2f3366e3e7c4f42c722796d6d2036fd74c4c67c39ac61a6de67a582055c23b1cfe3e8fe9d211e0f09f9cd554050e1279b669876681b2714c33440bf28031c06486b2460d98a8c11c49d25fa6bd8dbce", @ANYRES32=r0, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x1000)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
ptrace$peekuser(0x3, 0xffffffffffffffff, 0x0)
ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05)
recvfrom$inet6(r0, &(0x7f00000000c0)=""/242, 0xf2, 0x40000000, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private1, 0x3}, 0x1c)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0)
perf_event_open(&(0x7f0000000700)={0x4, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100, 0x100}, 0x0, 0x0, 0x8, 0x2, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)
shmget(0xffffffffffffffff, 0x1000, 0x8, &(0x7f0000ffe000/0x1000)=nil)
socket$packet(0x11, 0x2, 0x300)
close(0xffffffffffffffff)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2b, &(0x7f00000002c0)="e5220d64eadfbd3adb0c443c74f8abfe81703f8a7e330cbe4daaec66ec16b704e309cf743aca3df2dae2fc9e0a4e2b196c7356e20ee25b357f962d1f040681db1b1a681ccd4a109e438f5817e094a75642f3ed759dd1bd94f9230286732117aee6df8fe63f99250b836aa879f72c03eefee1298cac60f218eb0242c80dee421a170f316864a9ae6b323ed5cfbc3179e0df2f6ff39680113329c81bc5234a21b23868210785836ed4fa9e0f1a98aecd349d553063eadd169c1bc433d1b14de1f02ba450f3a9e8d9c7203ee1f21175b67ee8375488a883f44d6f9f2d0cbb15", 0xde)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000)=0x201, 0x4)

09:57:14 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0xe, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  248.932064] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  248.939345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010
[  248.946627] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:15 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  249.038201] ptrace attach of "/root/syz-executor.2"[11466] was attempted by "/root/syz-executor.2"[11470]
09:57:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  249.113362] 9pnet: Insufficient options for proto=fd
09:57:15 executing program 2:
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:15 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0xf, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:15 executing program 1 (fault-call:4 fault-nth:17):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:15 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  249.391201] FAULT_INJECTION: forcing a failure.
[  249.391201] name failslab, interval 1, probability 0, space 0, times 0
09:57:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  249.471751] CPU: 0 PID: 11503 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  249.479685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  249.489052] Call Trace:
[  249.491657]  dump_stack+0x1fc/0x2fe
[  249.495308]  should_fail.cold+0xa/0x14
[  249.499217]  ? setup_fault_attr+0x200/0x200
[  249.503560]  ? v9fs_session_init+0x1dd/0x1770
[  249.508080]  ? v9fs_mount+0x73/0x910
[  249.511812]  ? mount_fs+0xa3/0x30c
[  249.515383]  __should_failslab+0x115/0x180
[  249.519637]  should_failslab+0x5/0xf
[  249.523374]  kmem_cache_alloc+0x277/0x370
[  249.527549]  p9_client_prepare_req.part.0+0x3a/0x8e0
[  249.532680]  p9_client_rpc+0x21c/0x1440
[  249.536675]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[  249.541808]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  249.546940]  ? p9_client_prepare_req.part.0+0x8e0/0x8e0
[  249.552335]  ? p9_conn_create+0x4e0/0x4e0
[  249.556506]  ? pipe_poll+0x2a1/0x310
[  249.560237]  ? generic_pipe_buf_confirm+0x10/0x10
[  249.565102]  ? p9_fd_poll+0x1db/0x2c0
[  249.568926]  ? p9_conn_create+0x3ce/0x4e0
[  249.573096]  ? p9_fd_create+0x262/0x380
[  249.577089]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  249.581429]  ? p9_client_create+0x7b1/0x12e0
[  249.585856]  p9_client_create+0xa88/0x12e0
[  249.590114]  ? setup_fault_attr+0x200/0x200
[  249.594451]  ? p9_client_flush+0x490/0x490
[  249.598709]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  249.603723]  ? __lockdep_init_map+0x100/0x5a0
[  249.608403]  ? __raw_spin_lock_init+0x28/0x100
[  249.612985]  v9fs_session_init+0x1dd/0x1770
[  249.617301]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  249.622392]  ? debug_check_no_obj_freed+0x201/0x482
[  249.627399]  ? v9fs_show_options+0x760/0x760
[  249.631795]  ? setup_fault_attr+0x200/0x200
[  249.636105]  ? lock_acquire+0x170/0x3c0
[  249.640067]  ? check_preemption_disabled+0x41/0x280
[  249.645092]  ? v9fs_mount+0x54/0x910
[  249.648800]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  249.653816]  ? kmem_cache_alloc_trace+0x323/0x380
[  249.658666]  v9fs_mount+0x73/0x910
[  249.662200]  mount_fs+0xa3/0x30c
[  249.665557]  vfs_kern_mount.part.0+0x68/0x470
[  249.670039]  do_mount+0x113c/0x2f10
[  249.673663]  ? lock_acquire+0x170/0x3c0
[  249.677645]  ? check_preemption_disabled+0x41/0x280
[  249.682653]  ? copy_mount_string+0x40/0x40
[  249.686877]  ? copy_mount_options+0x59/0x380
[  249.691381]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  249.696387]  ? kmem_cache_alloc_trace+0x323/0x380
[  249.701219]  ? copy_mount_options+0x26f/0x380
[  249.705707]  ksys_mount+0xcf/0x130
[  249.709233]  __x64_sys_mount+0xba/0x150
[  249.713196]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  249.717766]  do_syscall_64+0xf9/0x620
[  249.721559]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  249.726734] RIP: 0033:0x45c1f9
[  249.729915] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  249.748801] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  249.756498] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  249.763753] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
09:57:15 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:15 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x60, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  249.771007] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  249.778262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011
[  249.785518] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
[  249.869166] ptrace attach of "/root/syz-executor.2"[11521] was attempted by "/root/syz-executor.2"[11525]
[  249.932350] IPVS: ftp: loaded support on port[0] = 21
[  250.069061] IPVS: ftp: loaded support on port[0] = 21
09:57:16 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0xdd, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:16 executing program 1 (fault-call:4 fault-nth:18):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:16 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  250.195190] FAULT_INJECTION: forcing a failure.
[  250.195190] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  250.207039] CPU: 0 PID: 11589 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  250.214932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  250.224299] Call Trace:
[  250.226909]  dump_stack+0x1fc/0x2fe
[  250.230565]  should_fail.cold+0xa/0x14
[  250.234476]  ? setup_fault_attr+0x200/0x200
[  250.238825]  __alloc_pages_nodemask+0x239/0x2890
[  250.243606]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[  250.249515]  ? is_bpf_text_address+0xd5/0x1b0
[  250.254040]  ? lock_downgrade+0x720/0x720
[  250.258212]  ? lock_acquire+0x170/0x3c0
[  250.262208]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  250.267061]  ? __lock_acquire+0x6de/0x3ff0
[  250.271473]  ? mark_held_locks+0xf0/0xf0
[  250.275536]  cache_grow_begin+0xa4/0x8a0
[  250.279589]  ? setup_fault_attr+0x200/0x200
[  250.283902]  ? v9fs_mount+0x73/0x910
[  250.287609]  cache_alloc_refill+0x273/0x340
[  250.291924]  kmem_cache_alloc+0x346/0x370
[  250.296074]  p9_client_prepare_req.part.0+0x3a/0x8e0
[  250.301227]  p9_client_rpc+0x21c/0x1440
[  250.305190]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[  250.310300]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  250.315403]  ? p9_client_prepare_req.part.0+0x8e0/0x8e0
[  250.320781]  ? p9_conn_create+0x4e0/0x4e0
[  250.324919]  ? pipe_poll+0x2a1/0x310
[  250.328624]  ? generic_pipe_buf_confirm+0x10/0x10
[  250.333457]  ? p9_fd_poll+0x1db/0x2c0
[  250.337246]  ? p9_conn_create+0x3ce/0x4e0
[  250.341394]  ? p9_fd_create+0x262/0x380
[  250.345366]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  250.349674]  ? p9_client_create+0x7b1/0x12e0
[  250.354160]  p9_client_create+0xa88/0x12e0
[  250.358386]  ? setup_fault_attr+0x200/0x200
[  250.362699]  ? p9_client_flush+0x490/0x490
[  250.366924]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  250.371928]  ? __lockdep_init_map+0x100/0x5a0
[  250.376409]  ? __raw_spin_lock_init+0x28/0x100
[  250.380981]  v9fs_session_init+0x1dd/0x1770
[  250.385295]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  250.390386]  ? debug_check_no_obj_freed+0x201/0x482
[  250.395390]  ? v9fs_show_options+0x760/0x760
[  250.399791]  ? setup_fault_attr+0x200/0x200
[  250.404100]  ? lock_acquire+0x170/0x3c0
[  250.408061]  ? check_preemption_disabled+0x41/0x280
[  250.413095]  ? v9fs_mount+0x54/0x910
[  250.416798]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  250.421803]  ? kmem_cache_alloc_trace+0x323/0x380
[  250.426636]  v9fs_mount+0x73/0x910
[  250.430167]  mount_fs+0xa3/0x30c
[  250.433522]  vfs_kern_mount.part.0+0x68/0x470
[  250.438003]  do_mount+0x113c/0x2f10
[  250.441624]  ? lock_acquire+0x170/0x3c0
[  250.445608]  ? check_preemption_disabled+0x41/0x280
[  250.450618]  ? copy_mount_string+0x40/0x40
[  250.454838]  ? copy_mount_options+0x59/0x380
[  250.459236]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  250.464240]  ? kmem_cache_alloc_trace+0x323/0x380
[  250.469092]  ? copy_mount_options+0x26f/0x380
[  250.473602]  ksys_mount+0xcf/0x130
[  250.477140]  __x64_sys_mount+0xba/0x150
[  250.481130]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  250.485711]  do_syscall_64+0xf9/0x620
[  250.489533]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  250.494714] RIP: 0033:0x45c1f9
[  250.497900] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  250.516786] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  250.524480] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  250.531735] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  250.538986] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
09:57:16 executing program 2:
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:16 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0)
bind$llc(r1, &(0x7f0000000040), 0x10)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100001040000000000db59b2b81f0000", @ANYRES32=r3, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x1, 0x803, 0x0)
r6 = gettid()
tkill(r6, 0x40)
syz_open_procfs(r6, &(0x7f0000000000)='net/dev\x00')
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = dup2(r8, r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000001400b59500000000000000000a000000", @ANYRES32=r7, @ANYBLOB="140002000000e0"], 0x2c}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x8c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x194ab, 0x4f070}, [@IFLA_PORT_SELF={0x30, 0x19, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "a1e8e50e95ed4ec33fabaa660dbae929"}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_REQUEST={0x5}]}, @IFLA_GROUP={0x8}, @IFLA_MAP={0x24}, @IFLA_MTU={0x8}, @IFLA_MTU={0x8}]}, 0x8c}}, 0x0)

09:57:16 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  250.546342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012
[  250.553617] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x0, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:16 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x1b2, 0x4)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = dup3(r1, r2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10)
sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @local}, 0x10)
sendto$inet(r2, &(0x7f00003cef9f)='7', 0xfffa, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB="14000000", @ANYRES32=0x0, @ANYRES32=<r4=>0x0], &(0x7f0000a8a000)=0xc)
bind$alg(r3, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x7a, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b005)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x4000000000000d7, 0x0)

09:57:16 executing program 0:
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  250.714639] ptrace attach of "/root/syz-executor.2"[11598] was attempted by "/root/syz-executor.2"[11607]
09:57:16 executing program 0:
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  250.807752] netlink: 'syz-executor.5': attribute type 7 has an invalid length.
09:57:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x3, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:16 executing program 1 (fault-call:4 fault-nth:19):
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:16 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:16 executing program 0:
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = dup(r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:17 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x4, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:17 executing program 3:
r0 = socket$inet6(0xa, 0x80003, 0x3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00')
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$TIOCGPKT(r8, 0x80045438, &(0x7f00000004c0))
sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000140)={0x0, 0xf0ffffff, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r3, 0x711, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f0000000440)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f0000000580)={0x58, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x20}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}]}, 0x58}, 0x1, 0x0, 0x0, 0x40000010}, 0x8000)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x210, 0x4c, 0x274, 0x0, 0x0, 0x300, 0x318, 0x318, 0x300, 0x318, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, [], 0x28}, @ipv4={[], [], @empty}, [0xff, 0xffffffff, 0x0, 0xff000000], [0xff, 0xff, 0x0, 0xffffff00], 'batadv_slave_0\x00', 'veth0_to_bridge\x00', {}, {0xff}, 0x1e, 0x2, 0x4, 0x2}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8, 'recent\x00'}, {0x0, 0x2, 0x2, 0x0, 'syz0\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x5}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', {0xfffffffffffffffe}}}}, {{@ipv6={@remote, @empty, [0xffffffff, 0xffffffff, 0xff000000, 0xffffff00], [0xff, 0x0, 0xffffffff, 0xffffffff], 'veth1_to_team\x00', 'ip6gre0\x00', {0xff}, {}, 0xff, 0x40, 0x3, 0x3d}, 0x0, 0xd0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x8}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)

[  251.095561] FAULT_INJECTION: forcing a failure.
[  251.095561] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  251.107400] CPU: 1 PID: 11639 Comm: syz-executor.1 Not tainted 4.19.134-syzkaller #0
[  251.115278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  251.124631] Call Trace:
[  251.127216]  dump_stack+0x1fc/0x2fe
[  251.130836]  should_fail.cold+0xa/0x14
[  251.134712]  ? setup_fault_attr+0x200/0x200
[  251.139028]  __alloc_pages_nodemask+0x239/0x2890
[  251.143870]  ? __kernel_text_address+0x9/0x30
[  251.148351]  ? unwind_get_return_address+0x51/0x90
[  251.153283]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  251.158654]  ? __save_stack_trace+0xaf/0x190
[  251.163057]  ? deref_stack_reg+0x134/0x1d0
[  251.167289]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  251.172120]  ? kmem_cache_alloc+0x122/0x370
[  251.176445]  ? p9_client_prepare_req.part.0+0x3a/0x8e0
[  251.181709]  ? p9_client_rpc+0x21c/0x1440
[  251.185841]  ? p9_client_create+0xa88/0x12e0
[  251.190239]  ? v9fs_session_init+0x1dd/0x1770
[  251.194724]  ? __x64_sys_mount+0xba/0x150
[  251.198861]  ? do_syscall_64+0xf9/0x620
[  251.202822]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  251.208174]  ? __lock_acquire+0x6de/0x3ff0
[  251.212400]  ? __lock_acquire+0x6de/0x3ff0
[  251.216626]  cache_grow_begin+0xa4/0x8a0
[  251.220680]  ? setup_fault_attr+0x200/0x200
[  251.224990]  ? lock_acquire+0x170/0x3c0
[  251.228950]  cache_alloc_refill+0x273/0x340
[  251.233261]  __kmalloc+0x362/0x3c0
[  251.236786]  ? p9_fcall_init+0x97/0x210
[  251.240751]  p9_fcall_init+0x97/0x210
[  251.244543]  p9_client_prepare_req.part.0+0x8c/0x8e0
[  251.249634]  p9_client_rpc+0x21c/0x1440
[  251.253596]  ? _raw_spin_unlock_irqrestore+0x79/0xe0
[  251.258685]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  251.263776]  ? p9_client_prepare_req.part.0+0x8e0/0x8e0
[  251.269127]  ? p9_conn_create+0x4e0/0x4e0
[  251.273260]  ? pipe_poll+0x2a1/0x310
[  251.276962]  ? generic_pipe_buf_confirm+0x10/0x10
[  251.281796]  ? p9_fd_poll+0x1db/0x2c0
[  251.285584]  ? p9_conn_create+0x3ce/0x4e0
[  251.289717]  ? p9_fd_create+0x262/0x380
[  251.293682]  ? p9_fd_create_tcp+0x4f0/0x4f0
[  251.297989]  ? p9_client_create+0x7b1/0x12e0
[  251.302389]  p9_client_create+0xa88/0x12e0
[  251.306758]  ? setup_fault_attr+0x200/0x200
[  251.311095]  ? p9_client_flush+0x490/0x490
[  251.315333]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  251.320342]  ? __lockdep_init_map+0x100/0x5a0
[  251.324825]  ? __raw_spin_lock_init+0x28/0x100
[  251.329397]  v9fs_session_init+0x1dd/0x1770
[  251.333714]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  251.338805]  ? debug_check_no_obj_freed+0x201/0x482
[  251.343810]  ? v9fs_show_options+0x760/0x760
[  251.348318]  ? setup_fault_attr+0x200/0x200
[  251.352627]  ? lock_acquire+0x170/0x3c0
[  251.356586]  ? check_preemption_disabled+0x41/0x280
[  251.361590]  ? v9fs_mount+0x54/0x910
[  251.365295]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  251.370299]  ? kmem_cache_alloc_trace+0x323/0x380
[  251.375150]  v9fs_mount+0x73/0x910
[  251.378682]  mount_fs+0xa3/0x30c
[  251.382039]  vfs_kern_mount.part.0+0x68/0x470
[  251.386525]  do_mount+0x113c/0x2f10
[  251.390145]  ? retint_kernel+0x2d/0x2d
[  251.394021]  ? copy_mount_string+0x40/0x40
[  251.398245]  ? copy_mount_options+0x190/0x380
[  251.402727]  ? __sanitizer_cov_trace_pc+0x37/0x50
[  251.407554]  ? copy_mount_options+0x26f/0x380
[  251.412059]  ksys_mount+0xcf/0x130
[  251.415587]  __x64_sys_mount+0xba/0x150
[  251.419552]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  251.424133]  do_syscall_64+0xf9/0x620
[  251.427925]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  251.433101] RIP: 0033:0x45c1f9
[  251.436282] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  251.455183] RSP: 002b:00007f2086f06c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  251.462893] RAX: ffffffffffffffda RBX: 000000000001fa40 RCX: 000000000045c1f9
[  251.470156] RDX: 0000000020000200 RSI: 0000000020000000 RDI: 0000000000000000
[  251.477428] RBP: 00007f2086f06ca0 R08: 00000000200028c0 R09: 0000000000000000
[  251.484688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
[  251.491966] R13: 00007fff41266b2f R14: 00007f2086f079c0 R15: 000000000078bf0c
09:57:17 executing program 0:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x5, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:17 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffefffffffffff, 0xffffffffffffffff, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)
mkdir(&(0x7f00000001c0)='./file1\x00', 0x0)
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
chown(0x0, 0x0, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
clock_gettime(0x0, &(0x7f0000000080))
recvmmsg(0xffffffffffffffff, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000080)}}], 0x2, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000003580)=""/1, 0x1}, {&(0x7f00000035c0)=""/193, 0xc1}, {0x0}], 0x3, 0x0)
mount$9p_tcp(0x0, &(0x7f0000000200)='./bus\x00', 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="f4b8233b3f9cd358ea1c333e44", @ANYRESDEC=0x0, @ANYBLOB])
mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000340)='overlay\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
accept$inet(r0, 0x0, &(0x7f0000000300))
rmdir(&(0x7f00000000c0)='./bus/file0\x00')

09:57:17 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x6, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:17 executing program 0:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:18 executing program 4:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x8, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:18 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:18 executing program 0:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  252.194649] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  252.277165] netlink: 'syz-executor.5': attribute type 2 has an invalid length.
09:57:18 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000100))
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback}, 0xc)
r3 = eventfd(0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000000c0)="390000001300034700bb65e1c3e4ffff06000000010000005600000025000000190004000400000007fd17e5ff8e0606040000000000000000", 0x39}], 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f0000000600)=[{&(0x7f0000000080)="390000001300034700bb65e1c3e4ffff06000000010000004500000025000000190004000400ad000200000000000006040000000000000000", 0x39}], 0x60)
r6 = syz_open_dev$video4linux(&(0x7f0000000140)='/dev/v4l-subdev#\x00', 0x100000000, 0x88000)
dup2(r3, r6)

09:57:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x9, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:18 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:18 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0xa, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:18 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:18 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:18 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x4, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  252.543956] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  252.573693] netlink: 'syz-executor.5': attribute type 2 has an invalid length.
09:57:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0xb, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  252.733581] netlink: 'syz-executor.5': attribute type 2 has an invalid length.
[  253.196701] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
09:57:19 executing program 3:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ubi_ctrl\x00', 0x101200, 0x0)
getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8)
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x200200, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000000c0)=0x106242, 0x4)
r2 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0)
write$binfmt_elf64(r2, &(0x7f0000000e00)=ANY=[@ANYBLOB="c4b40003003e000039a594249c1fd83d0000000000000000000000dfeb7bba0028120000fd3b7ea450eb"], 0x3c)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice\x00', 0x101400)
execveat(r3, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1000)

09:57:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x10, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x9, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(0x0, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:19 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  253.249910] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
09:57:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x10, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x18, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:19 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:19 executing program 3:
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0)
r2 = dup2(r1, r0)
mount$fuse(0x0, &(0x7f0000000640)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000120000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d9f60e70a6abe86beaa09339f981ba59f2c52a700c0be0e2d5fbb97f0191229bdb0aec724f820bcdf972ce777c1f5c984754bc7d65430de56e000198e707b377f9417e7c4e37441a9922e340150c6e2ef7cbecec22769544a19486f78bb52fbe00d7d5762e2008beed6dd910de517105758e87210c6c201832b1c7d44d2c3a56de192a8373d2b", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
ppoll(&(0x7f0000000140)=[{r2}], 0x1, 0x0, 0x0, 0x0)

09:57:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x402, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x22, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:19 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x403, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:19 executing program 3:
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control\x00', 0x200000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000200)={0xf000000, 0xd3, 0x1, r0, 0x0, &(0x7f0000000180)={0xa30903, 0xff, [], @value=0x6}})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000140)={r6}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={r6, 0xffff}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000040)={0x7f, 0x8200, 0x8, 0xfffffbff, r6}, 0x10)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r1, &(0x7f00000002c0)={0x2, 0x0, @broadcast}, 0x10)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x98a, 0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmmsg(r1, &(0x7f00000038c0), 0x4000000000000a8, 0x0)

09:57:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r3, 0x0, 0x2, r3})
dup3(r2, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:19 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x900, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:19 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x405, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:20 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:20 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x10}, [@ldst={0x3, 0x0, 0x3}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000080))

09:57:20 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:20 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x406, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:20 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:20 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2200, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x408, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:20 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:20 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r3 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000280)="a9", 0x1, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x1)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8, 0x1, 'drr\x00'}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x8c, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x4}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400c005}, 0x400c0d4)
r9 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0x2b2, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r3, r9, r2}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'crc32-generic\x00'}})

09:57:20 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:20 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2c00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x409, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:20 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:20 executing program 3:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x164142, 0x0)
ftruncate(r0, 0x200005)
sendfile(r0, r0, 0x0, 0x80000000)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f00000000c0)={{0x4, 0x3}, 'port1\x00', 0xa, 0x150056, 0x401, 0x6b4, 0x7, 0x26622ca2, 0x9, 0x0, 0x1, 0xfa})
r1 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r1)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x164142, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r1, r2, 0x0, 0x80001d00c0d0)
socket$inet6_sctp(0xa, 0x0, 0x84)

09:57:20 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x3f00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:21 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x40a, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:21 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  255.116257] audit: type=1800 audit(1595584641.034:26): pid=11957 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16392 res=0
09:57:21 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:21 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x40b, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x4000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  255.232625] audit: type=1800 audit(1595584641.144:27): pid=11970 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16392 res=0
09:57:21 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240), 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:21 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  255.511778] *** Guest State ***
[  255.532484] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  255.557153] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  255.567307] CR3 = 0x0000000000000000
[  255.576064] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  255.586308] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  255.598406] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  255.610902] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  255.624149] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  255.634820] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  255.648249] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  255.660711] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  255.675820] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  255.687372] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  255.697885] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  255.711860] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  255.732934] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  255.746767] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  255.772233] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  255.785567] Interruptibility = 00000000  ActivityState = 00000000
[  255.793549] *** Host State ***
[  255.796925] RIP = 0xffffffff811affaf  RSP = 0xffff8880424978c0
[  255.808254] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  255.815531] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  255.831565] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  255.837850] CR0=0000000080050033 CR3=0000000090383000 CR4=00000000001426e0
[  255.848913] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  255.857824] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  255.867664] *** Control State ***
[  255.873285] audit: type=1800 audit(1595584641.794:28): pid=11957 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16392 res=0
[  255.897975] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  255.906423] EntryControls=0000d1ff ExitControls=002fefff
[  255.921269] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  255.952256] audit: type=1800 audit(1595584641.864:29): pid=11976 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16392 res=0
[  255.956270] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
09:57:21 executing program 3:
socket$nl_xfrm(0x10, 0x3, 0x6)

09:57:21 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x410, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:21 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:21 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x8087, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:21 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  255.998962] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  256.045759]         reason=80000021 qualification=0000000000000000
[  256.075599] IDTVectoring: info=00000000 errcode=00000000
[  256.106325] TSC Offset = 0xffffff7541750ed1
09:57:22 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:22 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x418, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  256.127754] TPR Threshold = 0x00
09:57:22 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xedc0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:22 executing program 3:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer2\x00', 0x80182, 0x0)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000200)=0xffffff)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x549141, 0x0)
sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xa8, 0xa, 0x6, 0x300, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x100}, @IPSET_ATTR_ADT={0x28, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x800}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x9}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x2c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x5}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private0}}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0xa8}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000)

[  256.157182] EPT pointer = 0x0000000093d4401e
[  256.175990] Virtual processor ID = 0x0001
09:57:22 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:22 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:22 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, 0x0, 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:22 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:22 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x2, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x40000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:22 executing program 3:
socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff})
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/autofs\x00', 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x60, r2, 0xc573de0d27bdfe6f, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private2}}}}]}]}, 0x60}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd0, r2, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0xbc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x21}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0xd0}}, 0x15)
r4 = dup(r0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000480), 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
clock_gettime(0x0, &(0x7f0000000240)={0x0, <r5=>0x0})
recvfrom$l2tp6(r4, &(0x7f0000000180)=""/47, 0x2f, 0x12101, &(0x7f00000001c0)={0xa, 0x0, 0x0, @private0}, 0x20)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$RNDADDENTROPY(r7, 0x40085203, &(0x7f0000000000)={0x1, 0x7b, "3a4f3652c7ede587a1c4066c10ffca7b11e63a521b378a2be73c95a39ecde415a48df129ec37b0a717d0d06d8619267921af883115fa0628bec02bcfd3dae7865f1dc089ab3318647d8c46589ae4a54a2a7304bc8809e3433a7d7f9775a97eee13414325e630fd5fa5d9903b6d1ff1bae0ec4f1964d7b3bfab2f98"})
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)

[  256.383677] *** Guest State ***
[  256.402587] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:22 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, 0x0, 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  256.431706] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  256.454253] CR3 = 0x0000000000000000
[  256.467538] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:57:22 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:22 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x3, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  256.480539] Enabling of bearer <udp:syz0> rejected, failed to enable media
[  256.499641] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:57:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x1fffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:22 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, 0x0, 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  256.534527] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  256.550561] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  256.577788] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  256.628578] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  256.656998] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  256.671312] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  256.679911] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  256.691191] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  256.700243] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  256.709755] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  256.718109] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  256.727593] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  256.734784] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  256.743281] Interruptibility = 00000000  ActivityState = 00000000
[  256.749998] *** Host State ***
[  256.753392] RIP = 0xffffffff811affaf  RSP = 0xffff88804d28f8c0
[  256.759868] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  256.766481] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  256.774854] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  256.781306] CR0=0000000080050033 CR3=0000000090383000 CR4=00000000001426e0
[  256.788809] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  256.796015] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  256.802655] *** Control State ***
[  256.806343] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  256.813513] EntryControls=0000d1ff ExitControls=002fefff
[  256.819511] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  256.841818] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  256.856551] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  256.875077]         reason=80000021 qualification=0000000000000000
[  256.906698] IDTVectoring: info=00000000 errcode=00000000
[  256.914595] TSC Offset = 0xffffff74cbb18aac
[  256.922775] TPR Threshold = 0x00
[  256.926378] EPT pointer = 0x000000008e4b301e
[  256.933284] Virtual processor ID = 0x0001
09:57:22 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, 0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:22 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:22 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x6b6b6b, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:22 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x4, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  257.005574] Enabling of bearer <udp:syz0> rejected, failed to enable media
09:57:23 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x8, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:23 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:23 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfeffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  257.178989] *** Guest State ***
09:57:23 executing program 3:
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f00000001c0))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa10000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3b}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="a1350667a88fca"], 0x0, 0x1b}, 0x20)
keyctl$KEYCTL_MOVE(0x7, 0x0, 0xfffffffffffffffd, 0x0, 0x0)
keyctl$read(0xb, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff83, 0x0, 0x2], 0x4})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r4 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r5 = syz_open_pts(r4, 0x8000)
ioctl$KDSKBLED(r5, 0x4b65, 0x7)
write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0)

09:57:23 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xe, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:23 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0), 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  257.200487] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:23 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x1000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  257.260173] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  257.297105] CR3 = 0x0000000000000000
[  257.325973] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  257.337349] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  257.352103] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  257.376112] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  257.388558] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  257.398448] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  257.412231] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  257.420819] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  257.432524] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  257.447839] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  257.456357] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  257.465323] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  257.478856] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  257.503759] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  257.512121] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  257.520430] Interruptibility = 00000000  ActivityState = 00000000
[  257.531546] *** Host State ***
[  257.538552] RIP = 0xffffffff811affaf  RSP = 0xffff88804be3f8c0
[  257.545729] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  257.552633] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  257.560983] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  257.567060] CR0=0000000080050033 CR3=000000008d94c000 CR4=00000000001426e0
[  257.574599] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  257.581789] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  257.588132] *** Control State ***
[  257.592569] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  257.599814] EntryControls=0000d1ff ExitControls=002fefff
[  257.605498] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  257.612925] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  257.620089] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  257.626896]         reason=80000021 qualification=0000000000000000
[  257.633692] IDTVectoring: info=00000000 errcode=00000000
[  257.639664] TSC Offset = 0xffffff745d36a483
[  257.644199] TPR Threshold = 0x00
[  257.647733] EPT pointer = 0x000000008e98401e
[  257.652618] Virtual processor ID = 0x0001
09:57:25 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:25 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:25 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0), 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:25 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:25 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, 0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:25 executing program 3:
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000000), 0x4)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x20202, 0x0)
mq_timedreceive(r0, &(0x7f0000000080)=""/116, 0x74, 0x4, &(0x7f0000000100)={0x0, 0x989680})
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x7102, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000340)={0x8, 0x286, &(0x7f0000000180)="137b8c5ae1931fb44b40a2d942498c619a79fa43af022ba9733acfa1d75e7b04f5396f2828b67a99076750c75ba0a4cbaf2fd03b61b70e56fcb1a6f3f7c3b78488e21d3dc3f344fb38ed66e0b26de9e99c1f263bc089214f13195afd4db1d76e0094400bbe2cb121c70f8faab4fdf089892d6eb78367922ac7b92fd90f1327657ef96a7763129bb833014a1fa0a4", &(0x7f0000000240)="f60793f8c2844ef33e4263c41bf435b1bf7d5b9c7db55dd6abcb22cbf6f3a27d6c057cedadc22a73cd7874e9ddbecdcefee77791ce00efb482f3eb4290578d4253d7f1399a7736e39e2d156cdd3951527f252ca4b0ec338a093416fc90a2971c711bfd123ccc69450461f29f81cc2f641907e8f9249a89b6acf7e41c24bca992ef39d8ce1f7ce8422d7ecc19d54ff5056975131f4c16a8a00969b47769da8e3e70db4e9e6058f581e93716cfabbab458cfd28e29ca2780a77c501c923e959c6500f3bd8998a5216d8db6dfaf234680e57aaf7c36e064718324b06a08e4b7", 0x8e, 0xde})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcs\x00', 0x240040, 0x0)
ioctl$NBD_CLEAR_QUE(r2, 0xab05)
ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x7704, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f00000007c0)={0x2, 0x1, 0xe, 0xf, 0x40, &(0x7f00000003c0)="e418f1b7bca7adfc272b5604d4ea818a5e8224fdf5b7afaaed6a1b629b4b5062126ab4f8a3d90373c7f152b0d3ad9f0968c86afcfae7a0333f0c4d2802210d34e4d690be33ff9cff1f1816da7df4a3c3ba8e3390d1d08a6babbebebaaa2bf884a366ad180671753d68b73111943aa29f1d1753488be397bbe9a7f7c6de2b52d9032968629102324817791df9675c4b1ec46ccf1d541be256600eb49460aa94bdc9c378d2f9135af3c7d9963d2967cda817f25ad551a94df1610f67f9283c85e1f9e0bd5f7f6189d7ac53c688c884e9adc070d9e1970e21af050c958ba95f5cdd917efe72f07295bda57452e8a73a1cfcc63fa286846e5fbfb471f423a6640d977bdf90c5f830956a46a53536038a59574b2523b0e46ec9740cb6d50a02c5730bb7cd3aa76588e177631d442a75c3b0ce5b7de2180a3f9237751211f35453c57dff6f5b63bf7f359472816f1244f757bef461322c3be85c73abea3be1d17197202fbf0b203d93fafd392433a89868f8c6828bdd3fe7076129c05ba373a2ecc7e5f3f5098ce3031a7b5916bd63a3177ca55828550d137d35bc524b8f1a8a09f46790e06ae25a2085275bc20154162cdaf8d7d0ab71f7939c119fbebdb261e610609751cb29f4ce918f1edfdc81ce78328b4a6ff3dcab960a2ae116083df2a313271d9bbe7741f003a3983c2364376413b4ac640c273d18f23c39f590e5263cd781fdbafc2b1f298fcc4d6a50a447ece4f3112b5cc7a55ca2198ef60f3d1abb105a090306b6398c0b85413cbe909b302722cdc8069ee6267bafd65401c8c2eaa7d2331f0e0b7b92069d4be54b8c1750af7ed305dd6aaa15ab7fcc5cd422fd9bad3bd7e618eed4e9e5849e02ef10cc52fbf5a354bd01d7ed3de8685486cef3e8ca0b3136838119ea7a281b130c772041f52fad5ef1047384375987a73fc085b14c617ce9e7880cb07d55d568260d0f2dcdaef6c4703bb2e48c30e6197cac7f0eb07e5e84e9b2e36dd005c9d0d052ed04852e77eb9a570d8c897b3716a5baac215135b4b2d184dedddf21a3fe0f6f9a3dc2d893edb91393234764b24cd1830fcb21dc772537053b970bb915cf33ba4df4e4ef74588f4dd46d1af0dcb56479e0cdceded3ce8adb292f344e6c547fd8c20368d1cae2e49ec45a3b1192d7c868eff70eb9a0cb3bf7107be32123283ca802dee76d11d5a59279db51bb0e4009f1f024e82a5e64cbd59a3f7ff1240192d7ac57f3f860fa96fd5d9e5ef23a740cf1d5405db3c2ddfb2289b964a106ad7ffc92a4b72688134f8ec1ab22ef3b2c0661cae6bff59f09c1b083a818aadaf7ba83b7dc6f41c3ae1623716923293f1049f77ea74efd6e01e4aeceade2c55419c1141477d432093cc4d0ba449690606c44723eb4e9782381777e5a2707e392f57949d229c6aa5d0ac0e402149a316d331999798ea553"})
ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000800)=0xa824)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000940)={&(0x7f0000000880)={0x94, 0x1, 0x2, 0x801, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}, @CTA_EXPECT_NAT={0x78, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @empty}}}]}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x45}, 0x20000000)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/dlm-monitor\x00', 0x80, 0x0)
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000000a00))
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/nvram\x00', 0x200, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r4, &(0x7f0000000b40)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x30, 0x140d, 0x200, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x801)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000b80)=0x8)
setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000c00)={'filter\x00', 0x7, 0x4, 0x3c8, 0x110, 0x1f8, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, &(0x7f0000000bc0), {[{{@arp={@multicast2, @broadcast, 0xff000000, 0xffffffff, 0x10, 0x4, {@mac=@dev={[], 0x1a}, {[0xff, 0x0, 0xff, 0x0, 0xff, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x5, 0xfff, 0x648, 0x3, 0x4, 0x1000, 'macvlan0\x00', 'vlan0\x00', {0xff}, {}, 0x0, 0xb}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @empty, @multicast1, @multicast2, 0xf, 0xffffffff}}}, {{@arp={@loopback, @remote, 0xff000000, 0xffffff00, 0x7, 0x0, {@empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0xff, 0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x4e7, 0x20, 0x2, 0x6, 0x9, 0x6, 'sit0\x00', 'gre0\x00', {}, {0xff}, 0x0, 0xa6}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@arp={@loopback, @multicast1, 0xff000000, 0xff, 0xa, 0xb, {@empty, {[0x0, 0xff, 0xff]}}, {@mac=@link_local, {[0x0, 0x0, 0xff]}}, 0x1, 0x9, 0x2, 0x947, 0x1, 0x8, 'macvlan0\x00', 'team0\x00', {0x7f}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0xc6b, 0x9997}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x418)
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001040)='/dev/nvram\x00', 0x200000, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000001080)={0x16, 0x204, [], [@enc_lim={0x4, 0x1, 0x2}, @pad1, @jumbo={0xc2, 0x4, 0xfff}, @hao={0xc9, 0x10, @private2}, @generic={0x1f, 0x1000, "5d81eba95898ce081d1b567157d4a4f9f0aa90f3c530904fc734f6c3e2fd479eb363241cf020b4e42c3f7cc6e079344578ade5ac4e4a1d1e645f40b16d110c2082911ffdfe2b59def690631f2389c6849bf621a027516a6cd8bae8a3fec41cd870ca2a621a41e94ae03888afcced5d1c57ef85f398e4bc9ad366338d584e0330465cdb1478d7ebd5c9b7728d26f915133cf03ae668b927de628271842f8172aabbca62e9d58ac4b86c9ed453e5fe8c5a586138cccf2aaec829f9daa83f0b19cc73fceb5422b0d25a08e6db92670d882e6cf34702881ddfa64cb10ef7964f7c68ccd5e2242b2f75bf611c3a50af8c695b26e8b51b9ba7ffead4c2487a726fe1c38db90f8cdc5c77c0952c589b4ba424c6e54e2b53ad8f5177b19effe13128e9e9a48da668faf40916ed13b2ad387ac7da1012a48bacae52af220bfe372b05fcd3f5c58c3f9e0561a5928e28fff77a2cfac7981d224b9edadba227bf707ddfde58eb563959712ee6e3bf3c7def8b34540366b741afad21faae7e81a868bd8599a3266cadbf6bd414cc6411f1f05731c4c830f8d0f21c01d167c404ad4c16fcd5980f412a417aa7e2c1a6cd356ab228ce5d7f6bb593b8639e0ef5ac1069e7387f3e28ef23eab27078bf71df8c0afebd66acc7f22023d96cb42664890b23acecce98874de6d665ecc9ea206eedef398a084f13f51f10bbbc0eb0610489170f635c09a8c91f3957e1794be5045810fa9a20e7e88fcd141815177703a0cc56101c98d64e0fdcc0c809b4cc4d893ef9b66b96f07e7b2c5fdd0db92db76748e5628c9597d60f2fc3ad71da364dcecf23a6c40f1649bb98569c223e06b9d86df0b95d118a7bb24276bb19a6f8f6f898164421d9ce027b4afe8a027dae18b5ff5fecd3d207668ad431cf620627eefb4788e2f2ca12510c19fc0988f2782ba4c35e026352465950f5cf1e75e0c8f82823d1d5dc81718e30e25292e513bb7b8f71342ecf003e28aacdcfd4a2ae7f467e5bdc574554d72eade2bbce6e0a4c25a56de55902eeac09a20698fac4427eddd617311cc2000a88c2334f8f8dcb2b6c91f21d71ac34c41a76def49a80747a4f36576f159bbdb46be195ef6305aaa244bfac981c136794e4d4e3efc4ea701f5edf323463984b05c9961265dda7b0007e5b80d54932d363c561a0578f52cc1a49f1b8f771cce8bb7f8b2bca6bac5baef89548419287879ccf584775b213e3d3321173b995de23f6d8a706ef050d915896f6dac93f2e0a7e5ba9e445f293186bc1ca6338d9b4ade21a0b1580e022122933ec32738edec5c0d7de4bb8026a2e840753a4bbd92f5e19df7673416df85082efb798a0b0b4356cc7c78a538079c8d3f7f97efc6882d266f669597bf1cf512d00efe61962f0e97a44dc6d4e90e23b6f5d1695c4161dca1ea4d995239acc2c07838b222d2ef25a0f4bb303aef6714e71f9a2fba5453f09b42fd0099758388e6a275fa03fa795dae6a48ecb485fdcc51b82d1caab5582c02e8604f7bc5c7911d4a96902de203131d352af6c7752a792d06f6b4bba5f5182e758e4715c139e032e1fd309c75acdd690849fc482ace4f740b351a643dcb36f702c9d6c608bc98be674ff6783d52db47205b567cef9b9d9dee1d5ef9034d51e89fa8809c252acc1cfd209b0c5c46f4b84f249cec2f2ba585ff70210d9379df40f7c7034e7db4071e75d75445d18eab9dacc21ed2e5a14f1477b88ceddc28a8338e712c61455fd27e189f7586bd03b8a39f0ca9a28def7f63f284878c80b2d023b875dd876d7825b6613217598286964246e9aa9b4987b94252fa75cf80aaf63e83f2e0596930a2dca006ad62a75457e315ffda0dd3a06b7d5e9833cf785fb6c0893874a9ab76a28ebc0efb723ad432fc9d18c9df2819ef8eeabc19b1ea0203bb99586fffb041dd3fe626288bc6694159d5d37d90bdc8819536577421f62188241711a8e288856873c0060eac256434754450f8c314bfbe9e9c6a633cb1c21327e08171a4576aaba583962aa38c20838e4ea9adf98141ec70bc18a012192ad2acb0f1d14396e4d6951f44044a261bf3ac467c4e6e7fbbe14a4f9d02ed93c3be19281d211f23cec6d873e55510e0bcd08dfe1cc57b8a76e69e9abec2f32207d1da445054b7b4bf021292c5bbb06a7d1edda1ad316dae1050763bab7dc4fc88682439be2db17ade9fd84ddc8480dad3f1b2bb0ca81850f5cde25c37f673eac47ac759bb87891ac8b33b8c4cf9c9ee86e76b0e500d5da7cf2d9860156b3cd407862d3a366af37beada67b79ceeec910fa30876d9934f66d528ecca05e07cdfc7049456d66cf32446bf340b205b6eab43dfe26d03d63ee044d72090eca0c3f451772cd583dcbe9ab5ccf9252c88554fc4df4852e748f6cec087a2ac3841c0a8a45ef91c85cf6f336184de6decb515bef683daf6bd4a0c11e668e1ca39a832056d0306661d42471b087a588a461540406f0ade747e9a00bac15ca4f5c2de586e42a570367ea8ea965693e3bf25cb2f4a16c0110ee14c83d35a34f182c3c34f3a39be06a4b4ebaf11b53ed64d8fe15f43a82604e658810362c9e31790caba50b973078033d76ded783363d671c1beb377936819c3f36e15689a3ca5c003d98a8cbebaafd0ebd77ac5dd859eda777efdb37a49cd16e4d1b48b253d3d523d5c7f97973e370b5722fc8009a1c8f3777887c137ba2a8420d430938fb40dcc4effd3be6214691ad1bd71a582d3833f8c5eeba8374e1435af52f4c87a34b7a53ede7257538078a0b2d709389c007dd8c4c41839f9fe24dc9a268d37b4f6bb25d21eab47371aaafcafafd2818a6a28e7d8d5dda649d247575ee066f6c99706b2ed72c7125396fb5ff622e16b5676e04b10765a88f1c0e429d4682a3c82c7400c5f47d44a1cc37112e034d378a9ef5445870df95b2de60482e3136b6b02ff8e73506d8512f1b14e221767b4c2299256fcf5dbab1d8a01059cf952f8646ed1fe9534c4e0bb597dac6a28ab12c47aacdf7b7bc433f79b9c6c4d0249859b2653b14a583c6b762b9e838b34a65c832b0d7b09d6be27439949f943a37f83e25dfbfdf0f9eb534c4bff03d60bb9ff0956cb305ab618de5aa5dd22b9283f6540d32b43a8aac932e32e64885aa092deefa2d1fc44842b7f720a5c074234023dde6188da83b941a3df3e8e54fb398d4ac3e6e901eb7140c9ef271987aed2de802758aafb15989cda2f2d66a7db241d7b1cc3c2cc334b42c29bf1abe9d2a8fce1b1f30913189ce11efed7faed79e9439b9bb161253cb174f6daddf7ca3e6cec46c9d19bb98dfdc913566e344c21c52a3e63d56b79c498a0bdf42dd035bcbc1812762ede8829db4e49edc30a377445e3f94ef842812450641f077b7a8c9da6ac8e6d096c3f933ecafe7db592312138b16b3ada0ca1412ba780039c3084dc0c4809167642ae35c43767aa5b198dc0a190e7c756346dcfbfad62f6b465c2f734212299360c8b442440959d1545ae0e90a2f532d661f5cb17a88cad3cfb8b6d3c552e041cd03429a103b306b041675e75208247803a8c41fc4112db89591275df7a20da87e4a540db54ff3c038034695c548412faebea87647435016d319c473e28d5f5517b67fb11bd9a161c7a4c9cb9a2358dc260d1d7eca51b18fd0cc777a0667b50827c87075b5ccc3df578f469de3f7dc1240a739253cb6f5d28b58bab023c20f80aec2e67475fc3018b29303bef9d8378ed0f19a89035d73baea7240bec70108c06484ee06c34ae3bcafc9d6cc28a15385c5da1c6a128262c53ca151444942c6e2a587ff1beb0ca71c4ea529c43c11a22a8dd4f94116f54f1ab50a68723a9f5569954d9a294a068bc7460cfeba256f59d4605780708684831297192b058164e1b9697ac4df7831ea84bc076b00388d8591197da1ae7d8474c50b9850addf912e0338e3b862d5f8d5eda9d3f2e3fce837795b84f6b59b9afa50926496c98c195573e4e849540a7676375f59c3cea0d1888d74dbffc26813fa47213cc709ee78097169ce49b19808449a741f7f0f4eb2a523984580848154be3578d17c7485e56d67c2f100c2f2dea8cb3d080bfb88d48e4bac71f69aa09ebb4ad750bd928d15f76720027b689bf24bf269c211d5f780bd1ed3b750065631f7c23952afa591953f6c405eb9f8fb48e8450afebea3e730801c9a42d08a26ca4f851faa70eb4563748f130f71ae26b4d17fbe2d4fc6b1ce8fd991a893a06a3a7d436f0fe769830b3ff0975a8b6c206e60dc36a92cb71b341281837d8d7f58786bae8c09c83081c9f4e9bbfddae524f729255de8a36abc5b07914915deb23905641b49d94734f5267c984210c73bbff46b4fab734da1f9df47bc93409ac3ddd44a45ef152c892181135591b7760ffe997fff5e9723191213f10c1a2dee0dc3c6c1da2b9c7d77b25c5a246eed5335d37414f738be6741bcc7151b266b68480643f57ce5017bee89e829a5022c231274420082eea01b58b5e5f11e743d8045b94d821bbfe03c173cad89e5e7432c05d219104f527fef939d6da77f137a83f6aff01a739ec4afe165f6b02ede81b6468656e3021823686ac37df24581ad99740c996fbcf2feeb16c8ba8ff35e80ae57ea4df72c0c46db0f0bd69105cbb4c49def82349c7e87ed76f9e117b7098398798c0095b953b6cd044124f482beb53ff0da7412df30c65add0a11c59cdee33e29b8c5ccaa2848936ca34efaddf0c3804dbf42070368d778ce06da99b037582012f5c858064d5b166416a6122cd33265f394725e8a97af4403ab40162aefd290c30599b36aae1d7f7a5fead5b6a865a2eed0cec5a75bcf88f35b123af9046fbf72be7c7b54d5a9d01cbf11759e8102ee8c266f8a21bfb6aa09d1bf575aecbdef184efee7f73b3ef08bcae2d1222a68c7ae59914e8820cef475780ad56a71143c76d557bc577caac037b6f3425da0d51b57e541a1ba52d6b5f580bbe41247fc163567578cd87e03d4e39786d862abae860488e20f307fbcec6ca44a42d26384acc0e6d7c83f9a3c2bd4a67afeb1fad90dbe44dc85b564c4a11368b6b408912f6365a4abf4d00c808d0cac99eb56447184a86336083cb90fb21678e33f91377b2fa0bc1f1f3dad958e9302185c1c2dc5d8788b6176e510168c972e0b90ce29ad178aebbe98bc723b19015fb2d2603fce85c9c86ab4fc44f55175a0db8218c670a062e33c1d701aa87081d3a2cece399e329c4708c26a6a0132f19dd2660655f712ec25a56ee8b8e2cfbd1cc2cc7288dbcab2df10d91294b9b6a2e725063f0f7e9d9b236e8887478810b13c8e25fbd5d95c43bacad4a159f8984920df994489c3e8909ae5c4905b6d2f6adb71d95850c842d082ea734bb9bb1b1090206bc0a6d8b4581e983161b06f4f89da4cca564ce77b5cb0004b6603491e91cb57a8dd32b120941527de9ed8cc2f65905bfb35b52aa46fff1467e6cff79755c63c8d49d7f3c86ff65b631483951fbded09e90a45fc191f23f0bc9dc59b0c88751ad0659fc53e6478211aca9cdd1acebb228d4e83699ef1fefd9ec983cd192312244eb1447ef73e8e9414dd45d862f5c49ab872db47be60a4ea4086479376775c6c52062759b127659f0f0fc680664898b0fe3a39baeba75f83300697fde67bfe33ecbc44189ed04b927b872f1433158dbddcafa5b26c6e69e815e457d07c6bc377872a6a954c1bbf351fa94a2a14575a957e1a47774f0eff250783460577002932ccc61640e191ce69e1ae8aa947e6f2614396286d870ee96d215230a5e4"}]}, 0x1028)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f00000020c0)={0x1})

09:57:25 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x9000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:25 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, 0x0, 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  259.709692] *** Guest State ***
09:57:25 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0), 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:25 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:25 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x60, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  259.736378] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  259.782169] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  259.817650] CR3 = 0x0000000000000000
09:57:25 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xdd, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:25 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:25 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:25 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, 0x0, 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:25 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x10000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  259.847453] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  259.904686] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  259.931068] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  259.971061] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  260.017972] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.040886] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.054918] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.072903] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.081501] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.090211] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  260.098588] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  260.106911] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  260.115594] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  260.124067] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  260.131283] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  260.139131] Interruptibility = 00000000  ActivityState = 00000000
[  260.145443] *** Host State ***
[  260.149051] RIP = 0xffffffff811affaf  RSP = 0xffff888042dbf8c0
[  260.162362] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  260.169454] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  260.177347] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  260.184122] CR0=0000000080050033 CR3=00000000910c3000 CR4=00000000001426e0
[  260.192215] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  260.199550] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  260.205704] *** Control State ***
[  260.209964] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  260.216902] EntryControls=0000d1ff ExitControls=002fefff
[  260.222778] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  260.234258] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  260.241460] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  260.248156]         reason=80000021 qualification=0000000000000000
[  260.254638] IDTVectoring: info=00000000 errcode=00000000
[  260.260180] TSC Offset = 0xffffff7302854721
[  260.264655] TPR Threshold = 0x00
[  260.268004] EPT pointer = 0x000000008f4b701e
09:57:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, 0x0)
dup3(r3, r1, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

09:57:26 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, 0x0, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:26 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x20000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:26 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @rand_addr, 0xfffffffe}, 0x1c)
prctl$PR_SET_FP_MODE(0x2d, 0x3)
listen(r0, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000000c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}]}}}}}}}, 0x0)

[  260.272614] Virtual processor ID = 0x0001
09:57:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x300, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:26 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:26 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x22000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:26 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, 0x0, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  260.448063] *** Guest State ***
[  260.467776] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xe00, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  260.513119] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  260.550503] CR3 = 0x0000000000000000
[  260.556965] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  260.574064] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  260.608107] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  260.643464] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  260.671731] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.680823] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.692323] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.707426] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.715857] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  260.724241] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  260.733920] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  260.749098] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  260.757180] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  260.765589] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  260.772570] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  260.780495] Interruptibility = 00000000  ActivityState = 00000000
[  260.786758] *** Host State ***
[  260.790308] RIP = 0xffffffff811affaf  RSP = 0xffff88804798f8c0
[  260.796364] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  260.802967] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  260.810855] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  260.816738] CR0=0000000080050033 CR3=000000009023b000 CR4=00000000001426e0
[  260.823827] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  260.830565] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  260.836702] *** Control State ***
[  260.840229] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  260.847004] EntryControls=0000d1ff ExitControls=002fefff
[  260.852556] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  260.859830] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  260.866498] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  260.873174]         reason=80000021 qualification=0000000000000000
[  260.879550] IDTVectoring: info=00000000 errcode=00000000
[  260.885160] TSC Offset = 0xffffff729c8b0a8b
[  260.889572] TPR Threshold = 0x00
09:57:26 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:26 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x10, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2c000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf00, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:26 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, 0x0, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  260.892939] EPT pointer = 0x00000000a13f001e
[  260.897340] Virtual processor ID = 0x0001
09:57:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x2000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x3f000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  261.014511] *** Guest State ***
[  261.040046] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:27 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x10, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:27 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  261.067613] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:57:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x3f00, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:27 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080), &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  261.109673] CR3 = 0x0000000000000000
[  261.128781] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:57:27 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x40000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  261.159739] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  261.190966] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
09:57:27 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x10, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:27 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  261.217022] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  261.233342] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:57:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x6000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  261.268934] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.311387] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.338782] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.349473] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.364950] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  261.379615] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  261.396353] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  261.405896] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  261.421038] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  261.427622] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  261.441033] Interruptibility = 00000000  ActivityState = 00000000
[  261.447497] *** Host State ***
[  261.452089] RIP = 0xffffffff811affaf  RSP = 0xffff8880478ff8c0
[  261.460101] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  261.469132] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  261.483292] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  261.490407] CR0=0000000080050033 CR3=00000000a063a000 CR4=00000000001426e0
[  261.497849] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  261.505999] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  261.513127] *** Control State ***
[  261.516727] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  261.525128] EntryControls=0000d1ff ExitControls=002fefff
[  261.535615] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  261.552261] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  261.561740] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  261.569079]         reason=80000021 qualification=0000000000000000
09:57:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:27 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:27 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x6b6b6b00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:27 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
close(r2)

09:57:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xdd00, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  261.575405] IDTVectoring: info=00000000 errcode=00000000
[  261.581674] TSC Offset = 0xffffff724eed8a8d
[  261.586002] TPR Threshold = 0x00
[  261.591433] EPT pointer = 0x000000009602201e
[  261.595852] Virtual processor ID = 0x0001
09:57:27 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x87800000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  261.724794] *** Guest State ***
[  261.745203] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  261.775786] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  261.813319] CR3 = 0x0000000000000000
[  261.826894] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  261.844734] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  261.863461] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  261.871681] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  261.885287] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.897081] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.914894] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.927157] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.936030] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  261.945400] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  261.954313] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  261.962899] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  261.971565] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  261.980227] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  261.986651] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  261.994933] Interruptibility = 00000000  ActivityState = 00000000
[  262.001722] *** Host State ***
[  262.005043] RIP = 0xffffffff811affaf  RSP = 0xffff88804758f8c0
[  262.012173] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  262.019217] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  262.027018] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  262.033811] CR0=0000000080050033 CR3=000000008f64c000 CR4=00000000001426f0
[  262.041437] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  262.048986] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  262.055058] *** Control State ***
[  262.059555] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  262.068884] EntryControls=0000d1ff ExitControls=002fefff
[  262.074352] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  262.082224] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  262.089763] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  262.096371]         reason=80000021 qualification=0000000000000000
[  262.103495] IDTVectoring: info=00000000 errcode=00000000
[  262.109733] TSC Offset = 0xffffff71ed91bbd7
[  262.114067] TPR Threshold = 0x00
[  262.117425] EPT pointer = 0x00000000935a601e
[  262.122900] Virtual processor ID = 0x0001
09:57:30 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080), &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:30 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
close(r2)

09:57:30 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf0ffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:30 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x8cffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x1000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:30 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
close(r2)

09:57:30 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xc0ed0000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:30 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  264.350873] *** Guest State ***
09:57:30 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x0, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x2000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  264.384021] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  264.424573] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  264.457321] CR3 = 0x0000000000000000
[  264.481425] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  264.503205] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  264.511808] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  264.522050] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  264.538819] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  264.548703] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  264.559161] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  264.575802] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  264.590588] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  264.599293] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  264.607407] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  264.615729] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  264.624841] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  264.637677] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  264.644271] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  264.652146] Interruptibility = 00000000  ActivityState = 00000000
[  264.660692] *** Host State ***
[  264.664027] RIP = 0xffffffff811affaf  RSP = 0xffff88804efdf8c0
[  264.671167] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  264.677970] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  264.685804] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  264.691913] CR0=0000000080050033 CR3=0000000095933000 CR4=00000000001426e0
[  264.699076] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  264.705746] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  264.711956] *** Control State ***
[  264.715407] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  264.722140] EntryControls=0000d1ff ExitControls=002fefff
[  264.727724] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  264.734650] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  264.741365] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  264.748217]         reason=80000021 qualification=0000000000000000
[  264.754622] IDTVectoring: info=00000000 errcode=00000000
[  264.760151] TSC Offset = 0xffffff708704dae6
[  264.764464] TPR Threshold = 0x00
[  264.768051] EPT pointer = 0x0000000083f2701e
[  264.772466] Virtual processor ID = 0x0001
09:57:33 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080), &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:33 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xf6ffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:33 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:33 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x3000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:33 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:33 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
socket$inet(0x2, 0x4000000000000001, 0x0)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:33 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x4000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:33 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfeffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  267.368576] *** Guest State ***
[  267.372370] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  267.382675] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  267.400468] CR3 = 0x0000000000000000
09:57:33 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  267.421374] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  267.455949] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:57:33 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x6b8ffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:33 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  267.483402] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  267.505378] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  267.514782] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  267.523631] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  267.544638] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  267.564154] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  267.600364] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  267.609226] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  267.617994] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  267.626416] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  267.639136] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  267.648591] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  267.661895] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  267.670130] Interruptibility = 00000000  ActivityState = 00000000
[  267.676791] *** Host State ***
[  267.681215] RIP = 0xffffffff811affaf  RSP = 0xffff888051d578c0
[  267.687985] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  267.694558] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  267.704232] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  267.712844] CR0=0000000080050033 CR3=000000008a1e6000 CR4=00000000001426f0
[  267.721744] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  267.740125] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  267.749894] *** Control State ***
[  267.766400] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  267.773634] EntryControls=0000d1ff ExitControls=002fefff
[  267.779688] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  267.786607] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  267.793351] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  267.800495]         reason=80000021 qualification=0000000000000000
[  267.806902] IDTVectoring: info=00000000 errcode=00000000
[  267.812439] TSC Offset = 0xffffff6ee7abe1ba
[  267.816752] TPR Threshold = 0x00
[  267.820298] EPT pointer = 0x00000000903af01e
[  267.824704] Virtual processor ID = 0x0001
09:57:36 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:36 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffff0000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:36 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@delchain={0x24, 0x25, 0x50937916c6307ea5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:36 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

09:57:36 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x8000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:36 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:36 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:36 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xe000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:36 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

09:57:36 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffff1f00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:36 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  270.509219] *** Guest State ***
[  270.523808] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:36 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  270.555557] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  270.594266] CR3 = 0x0000000000000000
[  270.615817] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  270.637607] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  270.658078] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  270.674630] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  270.694016] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  270.704280] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  270.720111] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  270.731190] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  270.743887] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  270.755285] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  270.770159] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  270.784547] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  270.793025] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  270.802155] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  270.808676] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  270.816419] Interruptibility = 00000000  ActivityState = 00000000
[  270.822768] *** Host State ***
[  270.825972] RIP = 0xffffffff811affaf  RSP = 0xffff888044ff78c0
[  270.832048] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  270.838736] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  270.847389] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  270.853393] CR0=0000000080050033 CR3=000000008ea59000 CR4=00000000001426e0
[  270.860868] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  270.868427] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  270.874666] *** Control State ***
[  270.878311] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  270.885159] EntryControls=0000d1ff ExitControls=002fefff
[  270.891022] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  270.898721] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  270.905389] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  270.912224]         reason=80000021 qualification=0000000000000000
[  270.918857] IDTVectoring: info=00000000 errcode=00000000
[  270.924317] TSC Offset = 0xffffff6d39be8f47
[  270.928742] TPR Threshold = 0x00
[  270.932265] EPT pointer = 0x00000000a0b7f01e
[  270.937636] Virtual processor ID = 0x0001
09:57:39 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:39 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

09:57:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfffffe00, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:39 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x20000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x0, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x3f000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:39 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:39 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

[  273.506672] *** Guest State ***
09:57:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffffff7f, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  273.557594] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  273.592509] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:57:39 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x60000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  273.618711] CR3 = 0x0000000000000000
[  273.633370] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  273.669829] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  273.689704] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  273.719251] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  273.738499] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  273.755804] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  273.766158] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  273.781795] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  273.792882] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  273.802190] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  273.812105] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  273.821737] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  273.830901] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  273.840236] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  273.850264] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  273.859014] Interruptibility = 00000000  ActivityState = 00000000
[  273.871527] *** Host State ***
[  273.874879] RIP = 0xffffffff811affaf  RSP = 0xffff88805048f8c0
[  273.881955] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  273.890077] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  273.899004] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  273.905011] CR0=0000000080050033 CR3=000000009f090000 CR4=00000000001426f0
[  273.913158] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  273.920983] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  273.927772] *** Control State ***
[  273.931406] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  273.939982] EntryControls=0000d1ff ExitControls=002fefff
[  273.945463] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  273.953482] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  273.960742] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  273.967896]         reason=80000021 qualification=0000000000000000
[  273.974610] IDTVectoring: info=00000000 errcode=00000000
[  273.981281] TSC Offset = 0xffffff6b9e128329
[  273.985626] TPR Threshold = 0x00
[  273.989811] EPT pointer = 0x000000009fd5501e
[  273.994399] Virtual processor ID = 0x0001
09:57:42 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:42 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffffff8c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:42 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x9effffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:42 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:42 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xdd000000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:42 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfffffff6, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:42 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:42 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf0ffffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  276.588564] *** Guest State ***
[  276.604940] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:42 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r0)

[  276.669080] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  276.712015] CR3 = 0x0000000000000000
[  276.725260] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  276.747467] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  276.761095] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  276.770527] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  276.780427] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  276.796100] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  276.805100] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  276.818394] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  276.828615] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  276.840987] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  276.851552] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  276.863693] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  276.881245] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  276.890226] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  276.898794] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  276.906853] Interruptibility = 00000000  ActivityState = 00000000
[  276.913324] *** Host State ***
[  276.918166] RIP = 0xffffffff811affaf  RSP = 0xffff88809440f8c0
[  276.924179] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  276.931779] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  276.940212] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  276.946830] CR0=0000000080050033 CR3=000000008f4ef000 CR4=00000000001426e0
[  276.954016] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  276.961838] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  276.968545] *** Control State ***
[  276.972111] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  276.979978] EntryControls=0000d1ff ExitControls=002fefff
[  276.985456] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  276.993240] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  277.001298] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  277.008557]         reason=80000021 qualification=0000000000000000
[  277.014897] IDTVectoring: info=00000000 errcode=00000000
[  277.021288] TSC Offset = 0xffffff69f85da127
[  277.027113] TPR Threshold = 0x00
[  277.030504] EPT pointer = 0x00000000903c901e
[  277.034927] Virtual processor ID = 0x0001
09:57:45 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:45 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:45 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfffffffe, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:45 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xf5ffffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:45 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r0)

09:57:45 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:45 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xfcffffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:45 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r0)

09:57:45 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:45 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x8087ffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  279.612537] *** Guest State ***
[  279.632620] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  279.674539] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:57:45 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xffffb806, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:45 executing program 3:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

[  279.719980] CR3 = 0x0000000000000000
[  279.737201] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  279.755277] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  279.787946] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  279.822637] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  279.839871] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  279.852941] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  279.871744] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  279.880673] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  279.896663] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  279.904843] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  279.919337] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  279.929468] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  279.941764] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  279.952280] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  279.968175] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  279.976652] Interruptibility = 00000000  ActivityState = 00000000
[  279.983052] *** Host State ***
[  279.988015] RIP = 0xffffffff811affaf  RSP = 0xffff8880874578c0
[  279.994119] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  280.001938] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  280.010720] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  280.017324] CR0=0000000080050033 CR3=0000000095ede000 CR4=00000000001426e0
[  280.024350] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  280.031901] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  280.038547] *** Control State ***
[  280.041996] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  280.049610] EntryControls=0000d1ff ExitControls=002fefff
[  280.055058] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  280.062917] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  280.070112] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  280.077483]         reason=80000021 qualification=0000000000000000
[  280.083820] IDTVectoring: info=00000000 errcode=00000000
[  280.090068] TSC Offset = 0xffffff685a25b30c
[  280.094383] TPR Threshold = 0x00
[  280.098656] EPT pointer = 0x000000009f1f301e
[  280.103064] Virtual processor ID = 0x0001
[  281.657490] NOHZ: local_softirq_pending 08
[  282.311446] NOHZ: local_softirq_pending 08
09:57:48 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:48 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xedc000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:48 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:48 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xfffff000, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:48 executing program 3:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:48 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xffffff7f, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:48 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:48 executing program 3:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

[  282.667238] *** Guest State ***
[  282.683489] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:57:48 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x1000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  282.717414] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:57:48 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xffffff9e, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  282.772763] CR3 = 0x0000000000000000
09:57:48 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  282.806361] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  282.851872] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  282.879838] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  282.901442] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  282.910959] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  282.919560] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  282.928552] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  282.938174] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  282.946831] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  282.959933] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  282.973570] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  282.982649] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  282.991807] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  283.000618] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  283.007692] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  283.019999] Interruptibility = 00000000  ActivityState = 00000000
[  283.034827] *** Host State ***
[  283.039547] RIP = 0xffffffff811affaf  RSP = 0xffff8880512b78c0
[  283.046829] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  283.053331] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  283.062092] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  283.069271] CR0=0000000080050033 CR3=0000000093d44000 CR4=00000000001426f0
[  283.076982] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  283.083676] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  283.090604] *** Control State ***
[  283.094163] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  283.101713] EntryControls=0000d1ff ExitControls=002fefff
[  283.107884] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  283.114816] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  283.122357] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  283.129502]         reason=80000021 qualification=0000000000000000
[  283.136464] IDTVectoring: info=00000000 errcode=00000000
[  283.141917] TSC Offset = 0xffffff66b6e03894
[  283.147222] TPR Threshold = 0x00
[  283.150590] EPT pointer = 0x000000008fac901e
[  283.156196] Virtual processor ID = 0x0001
09:57:51 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:57:51 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:51 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x4000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:51 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:51 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xfffffff0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(0xffffffffffffffff, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:51 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xfffffff5, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:51 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:57:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(0xffffffffffffffff, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:51 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:51 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x6b6b6b00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:51 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xfffffffc, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:54 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:54 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:54 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(0xffffffffffffffff, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x40002102)

09:57:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfeffff00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:54 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(0xffffffffffffffff, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:54 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0xffffffff, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x100000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:54 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:54 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:54 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:54 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, 0x0, 0x40002102)

09:57:54 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x200000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:57 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:57 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:57 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x2, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:57 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x900000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:57 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, 0x0, 0x40002102)

09:57:57 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:57 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x3, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:57 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, 0x0, 0x40002102)

09:57:57 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x1000000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:57 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x4, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, 0xffffffffffffffff, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:58 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:57:58 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:58 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0}, 0x40002102)

09:57:58 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x8, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:58 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2000000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  292.624853] ptrace attach of ""[12872] was attempted by "/root/syz-executor.2"[12874]
09:57:58 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xe, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:57:58 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:57:58 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0}, 0x40002102)

09:57:58 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2200000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:57:58 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:57:58 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:58:01 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:01 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:01 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0}, 0x40002102)

09:58:01 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x2c00000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:01 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:58:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:01 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x3f00000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:01 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r1)

09:58:01 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x0)

09:58:01 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x60, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:01 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x4000000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:04 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:04 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:04 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xdd, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:04 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x8cffffff00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:04 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x0)

09:58:04 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:04 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:04 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xf6ffffff00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:04 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x300, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:04 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:07 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:07 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xfeffffff00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:07 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xe00, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:07 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:07 executing program 0:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x7fe, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000cd2ff0)={0x2, 0x4e23}, 0x6b)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x3, 0x64031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
recvmsg(r0, &(0x7f0000edffc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000603000)=""/81, 0xb15e2ac0d3828044}, 0x0)

09:58:07 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:07 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf00, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:07 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffff000000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:07 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffff1f0000000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:07 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x2000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

[  302.777515] NOHZ: local_softirq_pending 08
09:58:10 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:10 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:10 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffffff7f00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x3f00, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000, 0x1], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x6000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:10 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffffffff00000000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:10 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  304.941980] *** Guest State ***
[  304.954628] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  304.980280] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000, 0x0, 0x10000], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:10 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xdd00, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  305.021477] CR3 = 0x0000000000000000
[  305.040026] RSP = 0x0000000000000000  RIP = 0x0000000000005000
09:58:11 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0xffffffff87800000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  305.072221] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  305.099104] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  305.118515] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  305.146924] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.156968] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.164918] *** Guest State ***
[  305.168838] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.177520] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  305.179215] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.191339] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  305.200671] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.213474] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  305.221697] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  305.229035] CR3 = 0x0000000000000000
[  305.231815] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  305.242339] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  305.252078] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  305.256158] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  305.259905] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  305.279489] Interruptibility = 00000000  ActivityState = 00000000
[  305.280352] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  305.287061] *** Host State ***
[  305.296393] RIP = 0xffffffff811affaf  RSP = 0xffff8880a07a78c0
[  305.303393] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  305.303799] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  305.318076] FSBase=00007f465bb9d700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  305.322819] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  305.327677] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  305.341013] CR0=0000000080050033 CR3=00000000a0bd6000 CR4=00000000001426f0
[  305.349192] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  305.357213] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.359434] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  305.378444] *** Control State ***
[  305.379649] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.386143] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  305.397666] EntryControls=0000d1ff ExitControls=002fefff
[  305.405202] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  305.407209] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.416043] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  305.435006] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.445205] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  305.465265] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  305.474418]         reason=80000021 qualification=0000000000000000
[  305.483210] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  305.491237] IDTVectoring: info=00000000 errcode=00000000
[  305.497017] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  305.497030] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  305.497046] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  305.497056] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  305.497067] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  305.497079] Interruptibility = 00000000  ActivityState = 00000000
[  305.524262] TSC Offset = 0xffffff5ac901d80f
[  305.528591] *** Host State ***
[  305.545432] TPR Threshold = 0x00
[  305.546387] RIP = 0xffffffff811affaf  RSP = 0xffff8880472678c0
[  305.553753] EPT pointer = 0x0000000083ea901e
[  305.569088] Virtual processor ID = 0x0001
[  305.585355] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  305.592008] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  305.600126] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  305.609947] CR0=0000000080050033 CR3=00000000a9761000 CR4=00000000001426e0
[  305.618036] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  305.625319] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  305.631698] *** Control State ***
[  305.635813] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  305.648034] EntryControls=0000d1ff ExitControls=002fefff
[  305.654167] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  305.661295] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  305.668518] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  305.675998]         reason=80000021 qualification=0000000000000000
[  305.682782] IDTVectoring: info=00000000 errcode=00000000
[  305.688457] TSC Offset = 0xffffff5aaa51259e
[  305.693340] TPR Threshold = 0x00
[  305.697067] EPT pointer = 0x00000000a4f2101e
[  305.701715] Virtual processor ID = 0x0002
09:58:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:13 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:13 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:13 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:13 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x100000000000], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf0ffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:13 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:13 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:14 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x4, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  308.047524] *** Guest State ***
[  308.074029] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  308.104193] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:14 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x1000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:14 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)
close(r2)

09:58:14 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  308.139794] CR3 = 0x0000000000000000
[  308.159302] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  308.169571] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:58:14 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x9, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  308.190541] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  308.220156] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
09:58:14 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x2000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  308.250743] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  308.273517] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  308.291533] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:58:14 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
setsockopt$inet_dccp_int(r3, 0x21, 0xa, &(0x7f0000000080)=0x40, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  308.326368] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  308.351331] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  308.374466] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  308.394274] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  308.403786] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  308.411961] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  308.426569] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  308.449506] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  308.459278] Interruptibility = 00000000  ActivityState = 00000000
[  308.466692] *** Host State ***
[  308.469978] RIP = 0xffffffff811affaf  RSP = 0xffff8880921af8c0
[  308.477306] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  308.484917] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  308.493689] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  308.499757] CR0=0000000080050033 CR3=0000000095e7d000 CR4=00000000001426f0
[  308.509930] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  308.518075] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  308.525318] *** Control State ***
[  308.528904] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  308.537559] EntryControls=0000d1ff ExitControls=002fefff
[  308.544116] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  308.551218] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  308.560253] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  308.567482]         reason=80000021 qualification=0000000000000000
[  308.574579] IDTVectoring: info=00000000 errcode=00000000
[  308.580030] TSC Offset = 0xffffff591eff0de0
[  308.585212] TPR Threshold = 0x00
[  308.588582] EPT pointer = 0x00000000a0f5501e
[  308.594033] Virtual processor ID = 0x0001
09:58:16 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r2, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x1000000000016)

09:58:16 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x10, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:16 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)
close(r2)

09:58:16 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x3000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:16 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r3}], 0x20000000000000cc, 0x0)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x4000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:17 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)
close(r2)

09:58:17 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  311.111132] *** Guest State ***
09:58:17 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x22, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  311.146812] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  311.185573] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:17 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x6b8ffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  311.218927] CR3 = 0x0000000000000000
09:58:17 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

[  311.245132] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  311.270228] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  311.295449] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  311.307498] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  311.319598] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  311.346150] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  311.371772] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  311.381673] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  311.395320] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  311.405065] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  311.419361] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  311.428750] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  311.439757] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  311.449011] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  311.456431] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  311.468914] Interruptibility = 00000000  ActivityState = 00000000
[  311.476342] *** Host State ***
[  311.479658] RIP = 0xffffffff811affaf  RSP = 0xffff888042c478c0
[  311.486725] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  311.493541] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  311.501341] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  311.507544] CR0=0000000080050033 CR3=0000000096291000 CR4=00000000001426e0
[  311.514663] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  311.521355] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  311.527675] *** Control State ***
[  311.531129] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  311.537967] EntryControls=0000d1ff ExitControls=002fefff
[  311.544030] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  311.550971] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  311.557706] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  311.564381]         reason=80000021 qualification=0000000000000000
[  311.570687] IDTVectoring: info=00000000 errcode=00000000
[  311.576286] TSC Offset = 0xffffff577c985139
[  311.580607] TPR Threshold = 0x00
[  311.584036] EPT pointer = 0x0000000095f7601e
[  311.588470] Virtual processor ID = 0x0001
09:58:19 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:19 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
socket$inet(0x2, 0x4000000000000001, 0x0)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:19 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2c, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:19 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x8000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:19 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

09:58:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x5000, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:20 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(0xffffffffffffffff)

09:58:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xe000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:20 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:20 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x900, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  314.127267] *** Guest State ***
[  314.137484] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:58:20 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:20 executing program 3 (fault-call:5 fault-nth:0):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

[  314.198062] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  314.248277] CR3 = 0x0000000000000000
[  314.271024] RSP = 0x0000000000000000  RIP = 0x0000000000005000
[  314.285026] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  314.317286] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  314.327592] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  314.339416] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  314.351556] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  314.366265] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  314.376387] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  314.397008] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  314.410444] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  314.423131] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  314.431206] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  314.440299] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  314.448506] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  314.455226] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  314.462811] Interruptibility = 00000000  ActivityState = 00000000
[  314.469055] *** Host State ***
[  314.472364] RIP = 0xffffffff811affaf  RSP = 0xffff8880516ff8c0
[  314.478344] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  314.484964] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  314.492898] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  314.498828] CR0=0000000080050033 CR3=000000008a3ad000 CR4=00000000001426f0
[  314.505926] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  314.512678] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  314.518725] *** Control State ***
[  314.522264] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  314.528955] EntryControls=0000d1ff ExitControls=002fefff
[  314.534496] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  314.541444] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  314.548184] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  314.554838]         reason=80000021 qualification=0000000000000000
[  314.561145] IDTVectoring: info=00000000 errcode=00000000
[  314.566746] TSC Offset = 0xffffff55dea5c208
[  314.571069] TPR Threshold = 0x00
[  314.574489] EPT pointer = 0x000000008c4d501e
[  314.578937] Virtual processor ID = 0x0001
09:58:23 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:23 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:23 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:23 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:23 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x20000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:23 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:23 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x3f000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:23 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:23 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2200, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:23 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r3 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000080)=0x50000000, 0x4)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r2)

09:58:23 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x60000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  317.228905] *** Guest State ***
[  317.244342] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:58:23 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x74, 0x0, 0x9, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2={0xfc, 0x2, [], 0x1}}}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0xfff}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  317.276392] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  317.321298] CR3 = 0x0000000000000000
[  317.343171] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  317.359716] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  317.366819] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  317.374657] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  317.383629] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  317.393320] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  317.414111] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  317.423332] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  317.431830] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  317.444708] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  317.461223] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  317.470506] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  317.479451] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  317.488601] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  317.495755] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  317.504022] Interruptibility = 00000000  ActivityState = 00000000
[  317.510416] *** Host State ***
[  317.514867] RIP = 0xffffffff811affaf  RSP = 0xffff88804d18f8c0
[  317.520946] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  317.528247] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  317.536601] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  317.543198] CR0=0000000080050033 CR3=00000000a83d1000 CR4=00000000001426e0
[  317.550268] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  317.557811] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  317.565123] *** Control State ***
[  317.568655] PinBased=0000003f CPUBased=b5a06dfe SecondaryExec=000000e3
[  317.576449] EntryControls=0000d1ff ExitControls=002fefff
[  317.582793] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  317.589847] VMEntry: intr_info=80000001 errcode=00000000 ilen=00000000
[  317.597373] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  317.604620]         reason=80000021 qualification=0000000000000000
[  317.610933] IDTVectoring: info=00000000 errcode=00000000
[  317.617184] TSC Offset = 0xffffff543483a04f
[  317.622171] TPR Threshold = 0x00
[  317.625547] EPT pointer = 0x00000000a432c01e
[  317.630061] Virtual processor ID = 0x0001
09:58:26 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:26 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = socket(0x15, 0x80000, 0x2)
connect$ax25(r1, &(0x7f0000000080)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000140)={0x3, 'syzkaller0\x00', {0x4}, 0x5})
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008", 0x38}, 0x60)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
close(r0)
socket$inet_icmp(0x2, 0x2, 0x1)

09:58:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2c00, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x9effffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:26 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100))
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xdd000000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:26 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:26 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf0ffffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100))
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:26 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x3f00, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:26 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:29 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, 0x0, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xf5ffffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:29 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="4400000007d9d066ba8cf598fbc026338c3457179c36d3d712dedd5d61bb6fddcd7c258dd82919510d0d7d1689bf08b6fe100e8bbf66a58681b3d6934583cf35a555d657113fe3096e2633a4bb81712225981f00b4e5ac231c41bca73c96f4ffd902e1053d2c2cca7216afabad25f4b94c1599757a75d3068d68cd0f9148abbb2034e8274677ba147b4912375fec01bfbcfb98c3c1c924bf3e143c3ba831c53ce36bfe8a9b6f7b1ed4ad4d0d9ac186f2d2f769f5e41df2ed06e9e2ca269d0ba13b22cb66ed566ab1a10f0ad20a25a942b112db45209b4c4b9c47226fafbff9ea5907a68da0fddfbd51c6a10ad5103dd1b5b94da9d3b8b33d2fa56c1afe", @ANYRES16=r7, @ANYBLOB="010000000000000000000900000030000380080001000000000014000200726f736530000000000000000000000005000800020000000800030000000000"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0xf0, r7, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7f}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xd8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}]}, @IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x16}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x6c}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_macvtap\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x41}, 0x9851)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f0000000140))
r8 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r9, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r9)

09:58:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x4000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:29 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100))
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xfcffffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:29 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
setsockopt$inet_opts(r3, 0x0, 0x0, &(0x7f0000000180)="1ec8cebc4cfc5bf7c19f7709f2b892dd", 0x10)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00')
r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcsa\x00', 0x14201, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(r5, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xa001}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x70, r4, 0x422, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x108c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}]}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x400}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x8000)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r6)

09:58:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x8087, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:29 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:29 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xffffb806, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  323.540547] *** Guest State ***
[  323.544525] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  323.555340] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  323.565415] CR3 = 0x0000000000000000
[  323.569343] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  323.577687] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  323.584790] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  323.599671] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  323.608710] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  323.617561] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  323.626564] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  323.635729] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  323.644888] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  323.653979] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  323.664001] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  323.672995] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  323.682069] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  323.690242] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  323.698267] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  323.706548] Interruptibility = 00000000  ActivityState = 00000000
[  323.713854] *** Host State ***
[  323.717263] RIP = 0xffffffff811affaf  RSP = 0xffff88804e8278c0
[  323.724550] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  323.732060] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  323.740077] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  323.747298] CR0=0000000080050033 CR3=00000000a6435000 CR4=00000000001426e0
[  323.755132] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  323.762810] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  323.769082] *** Control State ***
[  323.773725] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  323.780515] EntryControls=0000d1ff ExitControls=002fefff
[  323.786812] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  323.794286] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  323.801580] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  323.808160]         reason=80000021 qualification=0000000000000000
[  323.815857] IDTVectoring: info=00000000 errcode=00000000
[  323.822046] TSC Offset = 0xffffff50d2e1cfba
[  323.826391] TPR Threshold = 0x00
[  323.829748] EPT pointer = 0x000000009e8f101e
[  323.835233] Virtual processor ID = 0x0001
09:58:32 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, 0x0, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xedc0, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:32 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xfffff000, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:32 executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008", 0xf}, 0x60)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f00000000c0)={0x4, 0x9, 0x2, r0, 0x0, &(0x7f0000000080)={0x9c0908, 0x100, [], @value64=0x28b8000000}})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r4=>0x0}, &(0x7f00000000c0)=0xc)
setresgid(0x0, 0x0, r4)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r6=>0x0}, &(0x7f00000000c0)=0xc)
setresgid(0x0, 0x0, r6)
r7 = socket$inet(0x2, 0x6, 0x0)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r7}], 0x20000000000000cc, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, <r8=>0x0}, &(0x7f0000000180)=0xc)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r10=>0x0}, &(0x7f00000000c0)=0xc)
setresgid(0x0, 0x0, r10)
setgroups(0x4, &(0x7f00000001c0)=[r4, r6, r8, r10])
close(0xffffffffffffffff)

09:58:32 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xffffff7f, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:32 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:32 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x40000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  326.389341] *** Guest State ***
09:58:32 executing program 0:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  326.427934] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:58:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xffffff9e, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:32 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
dup(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
dup(r4)
fsetxattr$security_capability(r4, &(0x7f0000000080)='security.capability\x00', &(0x7f00000000c0)=@v1={0x1000000, [{0x6, 0x7f}]}, 0xc, 0x3)
ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000140))
close(r2)

[  326.518976] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  326.550140] CR3 = 0x0000000000000000
[  326.565957] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  326.605424] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  326.659904] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  326.679375] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  326.688356] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  326.703366] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  326.715532] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  326.727262] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  326.738843] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  326.747787] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  326.756750] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  326.765292] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  326.774039] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  326.782691] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  326.789108] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  326.797409] Interruptibility = 00000000  ActivityState = 00000000
[  326.804136] *** Host State ***
[  326.807438] RIP = 0xffffffff811affaf  RSP = 0xffff8880461df8c0
[  326.814516] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  326.821546] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  326.829353] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  326.836203] CR0=0000000080050033 CR3=000000009015b000 CR4=00000000001426f0
[  326.843796] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  326.850461] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  326.857417] *** Control State ***
[  326.861507] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  326.868174] EntryControls=0000d1ff ExitControls=002fefff
[  326.874516] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  326.881997] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  326.888662] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  326.896068]         reason=80000021 qualification=0000000000000000
[  326.902869] IDTVectoring: info=00000000 errcode=00000000
[  326.908311] TSC Offset = 0xffffff4f4cf0b412
[  326.913711] TPR Threshold = 0x00
[  326.917085] EPT pointer = 0x00000000a664801e
[  326.922232] Virtual processor ID = 0x0001
09:58:35 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, 0x0, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:35 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000140)={<r5=>r4}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={r4, 0xffff}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000240)={r5, 0x94, "bf595aa575ee3143fb1130ba461ee004c73ae508e4d4c3a42c09cf46d5c7d77470fd0848c7b37a0f6db00935ac9fe63480eb27c53aa2d37833f0a38c494456b218d60691a7685e1e640e26895b3d05413f20582e308f6f4e74248b8e6a18f98c7a16ca5d0749b3082832ea5eb5af4c44bc76f784723355451b7ce5f649d71b05616ecfb0c0c858f19e61719159cd39d410e1aa06"}, &(0x7f0000000200)=0x9c)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r6)

09:58:35 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x1fffff, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xfffffff0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:35 executing program 0:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xfffffff5, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:35 executing program 0:
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:35 executing program 3:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)
poll(&(0x7f00000000c0)=[{r2}], 0x20000000000000cc, 0x0)
ioctl(r2, 0xb1b, &(0x7f0000000100)="ec2d7e6a690344676848c06d2576db5defef7332fdb2f002c710722f7fe5216c5d558ddc0fa76e27860df1fb8d2da8188953ae86ae8be8ecc795d8264e9bce1c164c55a8e8a09bef8f2fcfc08c0767a31cbf8a09ecb4f1aa9401b3dcdd91ce9b9e5d37c7e1a57c23725003cb7637c0531e627237c2daa037b2280e869ad0a928dc96b6a7bccada8a90a7690b664eb3e0398cb718a82889ef2a954b081b0f2ad4aca675903e4733ba484837d4df39ec4bb32d79d0814a9c701c3b1ea76ba46a415ebc872c67705fc91a63d483c6417e47a6aa5d62a497a6621a002ac507d75a79a5f3506d7d72a496cd4f1883077d43545557fdd3bc3b9246cf")
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r3, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
close(r3)

09:58:35 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x6b6b6b, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  329.440249] *** Guest State ***
[  329.451844] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  329.478874] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:35 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  329.521773] CR3 = 0x0000000000000000
[  329.538212] RSP = 0x0000000000000000  RIP = 0x0000000000000000
09:58:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xfffffffc, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  329.563193] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  329.590008] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  329.619313] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  329.652954] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  329.679475] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  329.697740] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  329.706853] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  329.719193] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  329.727797] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  329.736212] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  329.744774] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  329.753029] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  329.761890] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  329.768477] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  329.776193] Interruptibility = 00000000  ActivityState = 00000000
[  329.786334] *** Host State ***
[  329.789694] RIP = 0xffffffff811affaf  RSP = 0xffff88804c44f8c0
[  329.795982] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  329.802779] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  329.810807] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  329.816808] CR0=0000000080050033 CR3=00000000a7e75000 CR4=00000000001426f0
[  329.823990] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  329.830741] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  329.836793] *** Control State ***
[  329.840228] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  329.846974] EntryControls=0000d1ff ExitControls=002fefff
[  329.852929] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  329.859876] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  329.866635] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  329.873305]         reason=80000021 qualification=0000000000000000
[  329.879614] IDTVectoring: info=00000000 errcode=00000000
[  329.885135] TSC Offset = 0xffffff4daa9dcede
[  329.889564] TPR Threshold = 0x00
[  329.893678] EPT pointer = 0x00000000949a101e
[  329.898178] Virtual processor ID = 0x0001
09:58:38 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:38 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x4001fc)
close(r2)

09:58:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xfeffff, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:38 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:38 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0xffffffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:38 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x3}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:38 executing program 0:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x1000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  332.529600] *** Guest State ***
[  332.554119] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:58:38 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  332.594657] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:38 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  332.636357] CR3 = 0x0000000000000000
[  332.649057] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  332.675093] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:58:38 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  332.706980] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  332.729988] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  332.750824] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  332.786388] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  332.820074] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  332.866031] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  332.887488] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  332.907326] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  332.945841] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  332.954890] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  332.963287] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  332.971603] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  332.978412] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  332.986619] Interruptibility = 00000000  ActivityState = 00000000
[  332.993160] *** Host State ***
[  332.996584] RIP = 0xffffffff811affaf  RSP = 0xffff8880497df8c0
[  333.003059] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  333.009656] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  333.017798] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  333.024192] CR0=0000000080050033 CR3=0000000099703000 CR4=00000000001426e0
[  333.031566] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  333.038417] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  333.044830] *** Control State ***
[  333.048487] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  333.055506] EntryControls=0000d1ff ExitControls=002fefff
[  333.062012] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  333.069126] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  333.076360] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  333.083196]         reason=80000021 qualification=0000000000000000
[  333.089869] IDTVectoring: info=00000000 errcode=00000000
[  333.095701] TSC Offset = 0xffffff4c02e1de68
[  333.100305] TPR Threshold = 0x00
[  333.103849] EPT pointer = 0x00000000a574b01e
[  333.108448] Virtual processor ID = 0x0001
09:58:39 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x9000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:39 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:39 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  333.387575] *** Guest State ***
09:58:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x10000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x4}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

[  333.416858] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  333.473747] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
09:58:39 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  333.524808] CR3 = 0x0000000000000000
09:58:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x20000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  333.554189] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  333.584608] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  333.618567] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  333.648958] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
09:58:39 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  333.691535] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:58:39 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x22000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  333.741877] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  333.769996] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  333.806972] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:58:39 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  333.855768] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  333.895745] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  333.939089] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  333.976108] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  334.007147] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  334.035067] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  334.055081] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  334.089316] Interruptibility = 00000000  ActivityState = 00000000
[  334.115099] *** Host State ***
[  334.126536] RIP = 0xffffffff811affaf  RSP = 0xffff88804cd378c0
09:58:40 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:40 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x2c000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:40 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  334.164720] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  334.198342] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000034000
[  334.240230] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  334.240342] CR0=0000000080050033 CR3=000000005459d000 CR4=00000000001426f0
[  334.240357] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  334.240367] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  334.240376] *** Control State ***
[  334.240382] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  334.240389] EntryControls=0000d1ff ExitControls=002fefff
[  334.240399] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  334.327618] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  334.344234] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  334.355123]         reason=80000021 qualification=0000000000000000
[  334.375077] IDTVectoring: info=00000000 errcode=00000000
[  334.389212] TSC Offset = 0xffffff4b8d20976b
[  334.395318] TPR Threshold = 0x00
[  334.398894] EPT pointer = 0x000000008822601e
[  334.412220] Virtual processor ID = 0x0001
09:58:40 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:40 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:40 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x3f000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:40 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x9}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:40 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x40000000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:40 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  334.659690] *** Guest State ***
[  334.677041] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  334.736525] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  334.782689] CR3 = 0x0000000000000000
09:58:40 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:40 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x6b6b6b00, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  334.807311] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  334.846410] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
09:58:40 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  334.880345] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  334.912870] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
09:58:40 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  334.974950] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  335.009175] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:58:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x87800000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:41 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  335.050918] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  335.078576] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  335.128522] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  335.163502] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  335.205985] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  335.247457] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  335.282001] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  335.307250] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  335.322603] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  335.345858] Interruptibility = 00000000  ActivityState = 00000000
[  335.367218] *** Host State ***
[  335.378286] RIP = 0xffffffff811affaf  RSP = 0xffff8880a86678c0
[  335.395988] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  335.426412] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  335.447729] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  335.459247] CR0=0000000080050033 CR3=000000008a19d000 CR4=00000000001426e0
[  335.477175] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  335.487255] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  335.495793] *** Control State ***
[  335.499382] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  335.508523] EntryControls=0000d1ff ExitControls=002fefff
[  335.517215] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  335.526643] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  335.535782] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  335.544870]         reason=80000021 qualification=0000000000000000
[  335.554319] IDTVectoring: info=00000000 errcode=00000000
[  335.562395] TSC Offset = 0xffffff4adee8fd95
[  335.566834] TPR Threshold = 0x00
[  335.572712] EPT pointer = 0x000000008cc6301e
[  335.577250] Virtual processor ID = 0x0001
09:58:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:41 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x8cffffff, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:41 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:41 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:41 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:41 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0xc}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xc0ed0000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  335.747112] *** Guest State ***
[  335.779447] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
09:58:41 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  335.819711] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  335.845586] CR3 = 0x0000000000000000
[  335.859719] RSP = 0x0000000000000000  RIP = 0x0000000000000000
09:58:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xf6ffffff, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  335.883690] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  335.913660] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  335.929702] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
09:58:41 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

[  335.968673] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
09:58:41 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xfeffffff, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  336.027117] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.063888] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.097546] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.137867] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.175249] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  336.208404] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  336.233093] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  336.266964] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  336.275928] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  336.283001] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  336.299144] Interruptibility = 00000000  ActivityState = 00000000
[  336.307134] *** Host State ***
[  336.310764] RIP = 0xffffffff811affaf  RSP = 0xffff88804e6e78c0
[  336.321418] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  336.331471] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  336.344291] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  336.354709] CR0=0000000080050033 CR3=000000008a19d000 CR4=00000000001426f0
[  336.368396] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  336.376863] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  336.383241] *** Control State ***
[  336.390046] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  336.407620] EntryControls=0000d1ff ExitControls=002fefff
[  336.422812] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  336.430520] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  336.437452] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  336.444427]         reason=80000021 qualification=0000000000000000
[  336.452062] IDTVectoring: info=00000000 errcode=00000000
[  336.457971] TSC Offset = 0xffffff4a4a259725
[  336.462900] TPR Threshold = 0x00
[  336.466522] EPT pointer = 0x000000008f93101e
[  336.481340] Virtual processor ID = 0x0001
09:58:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:42 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)

09:58:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xffff0000, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:42 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, 0x0)
ptrace$setopts(0x4206, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

09:58:42 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x18}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}]}]}, 0x74}}, 0x0)

09:58:42 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)

09:58:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xffff1f00, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  336.697576] *** Guest State ***
[  336.717379] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  336.744590] BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1355
[  336.763761] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  336.769522] in_atomic(): 0, irqs_disabled(): 0, pid: 14007, name: syz-executor.5
09:58:42 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)

[  336.795972] CR3 = 0x0000000000000000
[  336.804329] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  336.818913] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  336.840981] 3 locks held by syz-executor.5/14007:
09:58:42 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xfffffe00, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  336.850975] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  336.858976]  #0: 000000002f0132a5 (&table[i].mutex){+.+.}, at: nfnetlink_rcv_msg+0x98d/0xf60
[  336.885156]  #1: 000000007f487c32 (rcu_read_lock){....}, at: ctnetlink_create_conntrack+0x199/0x12c0
[  336.890104] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  336.915979]  #2: 0000000036b86379 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e2/0xde0
[  336.937761] Preemption disabled at:
[  336.937786] [<ffffffff81581e42>] rcu_lockdep_current_cpu_online+0x32/0x1b0
09:58:42 executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, 0x0, 0x0)

[  336.947475] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.963657] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.983731] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  336.986312] CPU: 1 PID: 14007 Comm: syz-executor.5 Not tainted 4.19.134-syzkaller #0
[  336.999716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.009077] Call Trace:
[  337.011682]  dump_stack+0x1fc/0x2fe
[  337.012360] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  337.015321]  ? rcu_lockdep_current_cpu_online+0x32/0x1b0
[  337.015340]  ___might_sleep.cold+0x235/0x250
[  337.015359]  __do_page_fault+0x40d/0xde0
[  337.015377]  ? trace_hardirqs_off_caller+0x69/0x210
[  337.042243]  ? spurious_fault+0x840/0x840
[  337.046418]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  337.046632] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  337.051271]  page_fault+0x1e/0x30
[  337.051282] RIP: 0010:          (null)
[  337.051305] Code: Bad RIP value.
[  337.051312] RSP: 0018:ffff888042edf190 EFLAGS: 00010246
[  337.051322] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90010603000
[  337.051330] RDX: 1ffffffff135df4e RSI: ffff888042edf210 RDI: ffff888042edf260
[  337.051337] RBP: ffff8880a6769600 R08: 0000000000000001 R09: 0000000000000000
[  337.051348] R10: 0000000000000005 R11: 00000000c85ba55e R12: 0000000000000000
[  337.074628] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  337.075336] R13: 0000000000000001 R14: ffffffff89aefa38 R15: ffff888042edf210
[  337.100186] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  337.104416]  ? nfnetlink_parse_nat_setup+0x243/0x640
[  337.104435]  ? nf_nat_inet_fn+0xb00/0xb00
[  337.104451]  ? lock_downgrade+0x720/0x720
[  337.104463]  ? lock_acquire+0x170/0x3c0
[  337.104481]  ? cache_alloc_refill+0x95/0x340
[  337.112657] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  337.119722]  ? ctnetlink_parse_nat_setup+0xb6/0x640
[  337.119743]  ? ctnetlink_create_conntrack+0x4bb/0x12c0
[  337.119760]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[  337.119780]  ? hash_conntrack_raw+0x2d6/0x460
[  337.119796]  ? nf_ct_get_tuplepr+0x310/0x310
[  337.127962] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  337.132849]  ? nf_ct_gc_expired+0x300/0x300
[  337.132862]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  337.132888]  ? ctnetlink_new_conntrack+0x4f3/0xde0
[  337.132907]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  337.132918]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  337.132933]  ? netlink_deliver_tap+0x8fb/0xb00
[  337.132947]  ? nfnetlink_rcv_msg+0x95a/0xf60
[  337.137258] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  337.141236]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  337.141259]  ? nfnetlink_rcv_msg+0xc4f/0xf60
[  337.141284]  ? nfnetlink_net_exit_batch+0x150/0x150
[  337.141322]  ? cred_has_capability.isra.0+0x139/0x2b0
[  337.145434] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  337.149668]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[  337.149685]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  337.149699]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  337.149720]  ? netlink_rcv_skb+0x160/0x440
[  337.149736]  ? nfnetlink_net_exit_batch+0x150/0x150
[  337.157897] Interruptibility = 00000000  ActivityState = 00000000
[  337.162702]  ? netlink_ack+0xae0/0xae0
[  337.162725]  ? ns_capable+0xde/0x100
[  337.162743]  ? nfnetlink_rcv+0x1b2/0x41b
[  337.162756]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[  337.162776]  ? netlink_unicast+0x4d5/0x690
[  337.162794]  ? netlink_sendskb+0x110/0x110
[  337.168204] *** Host State ***
[  337.173748]  ? netlink_sendmsg+0x6bb/0xc40
[  337.173767]  ? nlmsg_notify+0x1a0/0x1a0
[  337.173783]  ? kernel_recvmsg+0x220/0x220
[  337.173805]  ? nlmsg_notify+0x1a0/0x1a0
[  337.173818]  ? sock_sendmsg+0xc3/0x120
[  337.173835]  ? ___sys_sendmsg+0x7bb/0x8e0
[  337.178470] RIP = 0xffffffff811affaf  RSP = 0xffff88804e30f8c0
[  337.182699]  ? __lock_acquire+0x6de/0x3ff0
[  337.182716]  ? copy_msghdr_from_user+0x440/0x440
[  337.182735]  ? __fget+0x32f/0x510
[  337.182754]  ? lock_downgrade+0x720/0x720
[  337.182766]  ? check_preemption_disabled+0x41/0x280
[  337.182784]  ? check_preemption_disabled+0x41/0x280
[  337.190947] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  337.195057]  ? __fget+0x356/0x510
[  337.195077]  ? do_dup2+0x450/0x450
[  337.195100]  ? __fdget+0x1d0/0x230
[  337.195119]  ? __x64_sys_sendmsg+0x132/0x220
[  337.199652] FSBase=00007fd5feade700 GSBase=ffff8880ae600000 TRBase=fffffe0000003000
[  337.204414]  ? __sys_sendmsg+0x1b0/0x1b0
[  337.204439]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  337.204454]  ? trace_hardirqs_off_caller+0x69/0x210
[  337.204470]  ? do_syscall_64+0x21/0x620
[  337.204488]  ? do_syscall_64+0xf9/0x620
[  337.204505]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  337.265956] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  337.351946] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  337.356729] PGD 928b8067 P4D 928b8067 PUD 8bee7067 PMD 0 
[  337.356755] Oops: 0010 [#1] PREEMPT SMP KASAN
[  337.356770] CPU: 1 PID: 14007 Comm: syz-executor.5 Tainted: G        W         4.19.134-syzkaller #0
[  337.369117] CR0=0000000080050033 CR3=000000009e07c000 CR4=00000000001426f0
[  337.369341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  337.381099] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  337.384166] RIP: 0010:          (null)
[  337.384192] Code: Bad RIP value.
[  337.391153] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
09:58:43 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x280, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = memfd_create(&(0x7f00000000c0)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86\x06\x00\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j\x16\xeb>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\x02j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x02\x00\x00\x00\x00\x00\x00\x00_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2\x03\x00\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU=.\')\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf1J\xd9\x13Q\x94R/\xdf\x1e\x9e\xe57\xda{\xe1D\x00\x00\x00\x00H\xe6\x0f\xe0]\xef\x8b\xcdk\xfe\xf6\xcc+rp\xd5\b~\xf6\xa2\x87\xed<\xc2bO\x88\x03n%\xaa;\x1egs\xacg\xd1k\xfe\xcaW ', 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000000300))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = gettid()
syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
ptrace$setopts(0xffffffffffffffff, r3, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x1000000000016)

[  337.391425] RSP: 0018:ffff888042edf190 EFLAGS: 00010246
[  337.401322] *** Control State ***
[  337.403593] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90010603000
[  337.403603] RDX: 1ffffffff135df4e RSI: ffff888042edf210 RDI: ffff888042edf260
[  337.403611] RBP: ffff8880a6769600 R08: 0000000000000001 R09: 0000000000000000
[  337.403617] R10: 0000000000000005 R11: 00000000c85ba55e R12: 0000000000000000
[  337.403629] R13: 0000000000000001 R14: ffffffff89aefa38 R15: ffff888042edf210
[  337.411678] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
09:58:43 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xffffff7f, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

[  337.412414] FS:  00007fb1664fc700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[  337.412427] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  337.431223] EntryControls=0000d1ff ExitControls=002fefff
[  337.438667] CR2: ffffffffffffffd6 CR3: 0000000094e0c000 CR4: 00000000001426e0
[  337.438679] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  337.438690] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  337.465217] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  337.470858] Call Trace:
[  337.470881]  nfnetlink_parse_nat_setup+0x243/0x640
[  337.470897]  ? nf_nat_inet_fn+0xb00/0xb00
[  337.470910]  ? lock_downgrade+0x720/0x720
[  337.470927]  ? lock_acquire+0x170/0x3c0
[  337.496765] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  337.500215]  ? cache_alloc_refill+0x95/0x340
[  337.500240]  ctnetlink_parse_nat_setup+0xb6/0x640
[  337.500257]  ctnetlink_create_conntrack+0x4bb/0x12c0
[  337.508989] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  337.509113]  ? ctnetlink_change_synproxy.isra.0+0x380/0x380
[  337.532519]         reason=80000021 qualification=0000000000000000
[  337.539020]  ? hash_conntrack_raw+0x2d6/0x460
[  337.539032]  ? nf_ct_get_tuplepr+0x310/0x310
[  337.539048]  ? nf_ct_gc_expired+0x300/0x300
[  337.597862] IDTVectoring: info=00000000 errcode=00000000
[  337.602516]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  337.602535]  ctnetlink_new_conntrack+0x4f3/0xde0
[  337.602550]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  337.602565]  ? nfnetlink_rcv_msg+0x98d/0xf60
[  337.620386] TSC Offset = 0xffffff49c754aa13
[  337.622301]  ? netlink_deliver_tap+0x8fb/0xb00
[  337.622316]  ? nfnetlink_rcv_msg+0x95a/0xf60
[  337.633459] TPR Threshold = 0x00
[  337.638231]  ? ctnetlink_create_conntrack+0x12c0/0x12c0
[  337.638246]  nfnetlink_rcv_msg+0xc4f/0xf60
[  337.665607] EPT pointer = 0x000000008b12801e
[  337.666424]  ? nfnetlink_net_exit_batch+0x150/0x150
[  337.666450]  ? cred_has_capability.isra.0+0x139/0x2b0
[  337.682983] Virtual processor ID = 0x0001
[  337.684974]  ? cred_has_capability.isra.0+0x1b0/0x2b0
[  337.684991]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  337.754534]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[  337.759480]  netlink_rcv_skb+0x160/0x440
[  337.763558]  ? nfnetlink_net_exit_batch+0x150/0x150
[  337.768592]  ? netlink_ack+0xae0/0xae0
[  337.772493]  ? ns_capable+0xde/0x100
[  337.776218]  nfnetlink_rcv+0x1b2/0x41b
[  337.780114]  ? nfnetlink_rcv_batch+0x1df0/0x1df0
[  337.784891]  netlink_unicast+0x4d5/0x690
[  337.788961]  ? netlink_sendskb+0x110/0x110
[  337.793208]  netlink_sendmsg+0x6bb/0xc40
[  337.797282]  ? nlmsg_notify+0x1a0/0x1a0
[  337.801267]  ? kernel_recvmsg+0x220/0x220
[  337.805427]  ? nlmsg_notify+0x1a0/0x1a0
[  337.809409]  sock_sendmsg+0xc3/0x120
[  337.813133]  ___sys_sendmsg+0x7bb/0x8e0
[  337.817113]  ? __lock_acquire+0x6de/0x3ff0
[  337.821351]  ? copy_msghdr_from_user+0x440/0x440
[  337.826109]  ? __fget+0x32f/0x510
[  337.829570]  ? lock_downgrade+0x720/0x720
[  337.833723]  ? check_preemption_disabled+0x41/0x280
[  337.838748]  ? check_preemption_disabled+0x41/0x280
[  337.843775]  ? __fget+0x356/0x510
[  337.847235]  ? do_dup2+0x450/0x450
[  337.850783]  ? __fdget+0x1d0/0x230
[  337.854335]  __x64_sys_sendmsg+0x132/0x220
[  337.858580]  ? __sys_sendmsg+0x1b0/0x1b0
[  337.862653]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  337.867504]  ? trace_hardirqs_off_caller+0x69/0x210
[  337.872531]  ? do_syscall_64+0x21/0x620
[  337.876518]  do_syscall_64+0xf9/0x620
[  337.880430]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  337.885623] RIP: 0033:0x45c1f9
[  337.888822] Code: 8d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  337.907728] RSP: 002b:00007fb1664fbc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  337.915444] RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045c1f9
[  337.922993] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
[  337.930268] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[  337.937544] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[  337.944823] R13: 00007ffeb11f7a8f R14: 00007fb1664fc9c0 R15: 000000000078bf0c
[  337.952102] Modules linked in:
[  337.955301] CR2: 0000000000000000
09:58:44 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0xff}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:44 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="120000006bffff"], 0x15)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='9p\x00', 0xffffff8c, &(0x7f00000028c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

09:58:44 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r4, 0x0, 0x2, r4})
dup3(r3, r1, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x36ec7})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

09:58:44 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bind$nfc_llcp(r2, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "e99237e874d148f301f9a75f5a9bfef393afa5246879614ab5f48820fcd6baad5bd46a775a08d9cb4e54f97af0c65c1b9e7df0a52ad500f5f799c1c0d5e008"}, 0x60)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0)='NLBL_CALIPSO\x00')
sendmsg$NLBL_CALIPSO_C_REMOVE(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r5, 0x402, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x40000)
close(r2)

[  338.168598] *** Guest State ***
[  338.177850] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  338.197248] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  338.223205] CR3 = 0x0000000000000000
[  338.245308] *** Guest State ***
[  338.251008] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  338.257601] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  338.268994] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  338.276090] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  338.286547] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  338.295653] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  338.306131] CR3 = 0x0000000000000000
[  338.310655] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  338.317251] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.327199] RFLAGS=0x00036ec7         DR7 = 0x0000000000000400
[  338.343402] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.355747] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  338.363160] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  338.371939] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.380655] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.388785] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.397996] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.406754] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.415528] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.424780] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  338.443991] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.453310] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  338.471792] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  338.481679] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  338.498048] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  338.499542] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  338.516730] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  338.530984] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  338.534362] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  338.545238] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  338.555850] Interruptibility = 00000000  ActivityState = 00000000
[  338.555939] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  338.572297] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  338.576424] *** Host State ***
[  338.578779] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  338.589466] Interruptibility = 00000000  ActivityState = 00000000
[  338.589471] RIP = 0xffffffff811affaf  RSP = 0xffff888043f7f8c0
[  338.589489] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  338.597702] *** Host State ***
[  338.613347] RIP = 0xffffffff811affaf  RSP = 0xffff888050a578c0
[  338.616391] FSBase=00007fd5feade700 GSBase=ffff8880ae700000 TRBase=fffffe0000034000
[  338.619401] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  338.636059] FSBase=00007f465bb9d700 GSBase=ffff8880ae700000 TRBase=fffffe0000003000
[  338.637204] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  338.643958] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  338.651326] CR0=0000000080050033 CR3=000000009e07c000 CR4=00000000001426e0
[  338.657630] CR0=0000000080050033 CR3=000000009634b000 CR4=00000000001426e0
[  338.663778] Sysenter RSP=fffffe0000034000 CS:RIP=0010:ffffffff874013e0
[  338.669894] Sysenter RSP=fffffe0000003000 CS:RIP=0010:ffffffff874013e0
[  338.677507] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  338.685168] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  338.690311] *** Control State ***
[  338.695437] *** Control State ***
[  338.699812] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  338.704210] PinBased=0000003f CPUBased=b5a06dfa SecondaryExec=000000e3
[  338.709998] EntryControls=0000d1ff ExitControls=002fefff
[  338.715708] EntryControls=0000d1ff ExitControls=002fefff
[  338.722057] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  338.728468] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  338.734534] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  338.740544] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  338.748104] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  338.755834] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  338.761516]         reason=80000021 qualification=0000000000000000
[  338.767407]         reason=80000021 qualification=0000000000000000
[  338.774500] IDTVectoring: info=00000000 errcode=00000000
[  338.782057] IDTVectoring: info=00000000 errcode=00000000
[  338.786418] TSC Offset = 0xffffff48fd737905
[  338.791075] TSC Offset = 0xffffff48f3454f36
[  338.796347] TPR Threshold = 0x00
[  338.799707] TPR Threshold = 0x00
[  338.804912] EPT pointer = 0x000000009129e01e
[  338.808601] EPT pointer = 0x000000008b17e01e
[  338.811926] Virtual processor ID = 0x0001
[  338.815408] Virtual processor ID = 0x0002
[  338.819613] ---[ end trace 4304ca65307017c2 ]---
[  338.830541] RIP: 0010:          (null)
[  338.834510] Code: Bad RIP value.
[  338.837924] RSP: 0018:ffff888042edf190 EFLAGS: 00010246
[  338.843344] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90010603000
[  338.850993] RDX: 1ffffffff135df4e RSI: ffff888042edf210 RDI: ffff888042edf260
[  338.858288] RBP: ffff8880a6769600 R08: 0000000000000001 R09: 0000000000000000
[  338.866311] R10: 0000000000000005 R11: 00000000c85ba55e R12: 0000000000000000
[  338.874170] R13: 0000000000000001 R14: ffffffff89aefa38 R15: ffff888042edf210
[  338.885835] FS:  00007fb1664fc700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[  338.896296] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  338.910275] CR2: 00007f64c2de2248 CR3: 0000000094e0c000 CR4: 00000000001426e0
[  338.917584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  338.925726] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  338.934171] Kernel panic - not syncing: Fatal exception
[  338.940881] Kernel Offset: disabled
[  338.944504] Rebooting in 86400 seconds..