00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:47 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:47 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 3:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:47 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:47 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 3:
r0 = syz_io_uring_setup(0x73d7, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:47 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:47 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 3:
r0 = syz_io_uring_setup(0x73d7, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:47 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 3:
r0 = syz_io_uring_setup(0x73d7, 0x0, &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:47 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:48 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:48 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r1, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:48 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r1, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0, &(0x7f0000000100)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r1, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r1, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:48 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:48 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:48 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:48 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:49 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:49 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:49 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:49 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:49 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:49 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:50 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:50 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:50 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:50 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:51 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, 0x0, 0x0, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:51 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:51 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:51 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:51 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:51 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:52 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:52 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:52 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:52 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:52 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:53 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:53 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:53 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:53 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:53 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:54 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:54 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:54 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:54 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:54 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:55 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:55 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:55 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:55 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:56 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:56 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:57 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:57 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:57 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080))
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:58 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:58 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:58 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:58 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:59 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:26:59 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:00 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:00 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:00 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:00 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:01 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:01 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:01 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:01 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:01 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:02 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:02 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:02 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:02 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:03 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:03 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:03 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:03 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:03 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(0x0, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:03 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:04 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x1, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:04 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x10, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:04 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 1:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:04 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:05 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:05 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 0:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 5:
syz_io_uring_submit(0x0, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r0 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 5:
syz_io_uring_submit(0x0, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r0 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 0:
r0 = syz_io_uring_setup(0x0, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:05 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:05 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 5:
syz_io_uring_submit(0x0, 0x0, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r0 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
syz_io_uring_submit(0x0, r1, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)

00:27:06 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x0, 0x300)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = dup(r2)
r4 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})

00:27:06 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = dup(r2)
r4 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})

00:27:06 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)

00:27:06 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = dup(r2)
r4 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})

00:27:06 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:06 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = dup(r2)
r4 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})

00:27:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x11, 0x0, 0x0)

00:27:07 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
socket$packet(0x11, 0x3, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080)={0x0, r2})

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
socket$packet(0x11, 0x3, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080)={0x0, r2})

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="656436f30f09d2f7baf80c66b8aca9ca8d66efbafc0cb8a500ef0fc77481ba400066ed0f71e400260f01cf26f30fc7b3ed10660fc7360000643e640f01c4", 0x3e}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001d000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, &(0x7f0000000200)="48b800a00000000000000f23c80f21f8350c0080000f23f848b800000000000000000f23c00f21f835010001000f23f8420f01df66bad10466edc441cde94f4bc4629d8c2ef3410fc7b64c00000066b83b000f00d8c462fd31d345f4", 0x5c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
socket$packet(0x11, 0x3, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080)={0x0, r2})

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x3, 0x300)
socket$netlink(0x10, 0x3, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:07 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:07 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:07 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:08 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, 0x0, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:08 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:08 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f00000007c0)=ANY=[])
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:08 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:08 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:08 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:08 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, 0x0, &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:09 executing program 0:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af21, &(0x7f0000000040)={0x0, r1})

00:27:09 executing program 5:
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:09 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)="4db1ad43602f235c", 0x0, 0x8})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:09 executing program 5:
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, 0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 5:
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:09 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:09 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:09 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}]})
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:10 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:10 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(0x0, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:10 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)="4db1ad43602f235ca6f2", 0x0, 0xa})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:10 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:10 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:10 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)="4db1ad43602f235ca6f2", 0x0, 0xa})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:10 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)="4db1ad43602f235ca6f2", 0x0, 0xa})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, 0x0, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x0, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x0, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:11 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x0, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:11 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:11 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:11 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000080))

00:27:12 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, 0x0, &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:12 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:12 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:12 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080))

00:27:12 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:12 executing program 2:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, 0x0, &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:12 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080))

00:27:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:12 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080))

00:27:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:13 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000080))

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:13 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, 0x0)

00:27:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, 0x0)

00:27:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:13 executing program 5:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, 0x0)

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:13 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:13 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:14 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)

00:27:14 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

00:27:14 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
syz_io_uring_submit(r1, 0x0, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

00:27:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)

00:27:14 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)

00:27:14 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:14 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:14 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)

00:27:14 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:15 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, 0x0, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000500)="57a6", 0x2}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0)

00:27:15 executing program 1:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:15 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:15 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:15 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:15 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:15 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:15 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:15 executing program 5:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780))
io_uring_enter(r0, 0x2bc3, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:15 executing program 4:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000580)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0)

00:27:15 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:15 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:15 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r3})

00:27:16 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

00:27:16 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:16 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r3})

00:27:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:16 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0)

00:27:16 executing program 3:
r0 = syz_io_uring_setup(0x73d7, &(0x7f0000000480), &(0x7f0000ee7000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000008540)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)='x', 0x1}, 0x10001)
r3 = mmap$IORING_OFF_SQES(&(0x7f0000ee7000/0x3000)=nil, 0x3000, 0x6, 0x11, r0, 0x10000000)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x0, 0x0, @fd_index}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000700)=@IORING_OP_POLL_REMOVE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000a40)=@IORING_OP_WRITE_FIXED, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f0000000040)=@IORING_OP_CLOSE, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x3edc, &(0x7f0000000240), &(0x7f0000002000/0x2000)=nil, &(0x7f0000300000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r1, r4, &(0x7f0000000440)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_io_uring_setup(0x2a2c, &(0x7f0000000080), &(0x7f0000300000/0x2000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000000000), &(0x7f0000000780)=<r5=>0x0)
syz_io_uring_submit(r1, r5, &(0x7f0000000400)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:27:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0)

00:27:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:16 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0x8090ae81, 0x0)

00:27:16 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:17 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r3})

00:27:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:17 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0x8090ae81, 0x0)

00:27:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:17 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:17 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:17 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0x8090ae81, 0x0)

00:27:17 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0x8090ae81, 0x0)

00:27:17 executing program 0:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:17 executing program 0:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:17 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:17 executing program 0:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:18 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, r3})

00:27:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:18 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:18 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:18 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:18 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:18 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:19 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:19 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:19 executing program 5:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, 0x0)

00:27:19 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:19 executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0x8090ae81, 0x0)

00:27:19 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:19 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:19 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

00:27:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

00:27:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:20 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01, 0xee00}}}], 0x40}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0x8090ae81, 0x0)

[  909.393489][T24044] ------------[ cut here ]------------
[  909.468994][T24044] WARNING: CPU: 0 PID: 24044 at kernel/kthread.c:524 kthread_bind_mask+0x35/0xc0
00:27:20 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  909.516019][T24044] Modules linked in:
[  909.528146][T24044] CPU: 1 PID: 24044 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller-00060-g3f5c20055a64 #0
00:27:20 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  909.676502][T24044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[  909.802103][T24044] RIP: 0010:kthread_bind_mask+0x35/0xc0
[  909.817944][T24044] Code: fb e8 6f 9f 2b 00 be 02 00 00 00 48 89 df e8 e2 fb 03 00 31 ff 48 89 c5 48 89 c6 e8 35 9c 2b 00 48 85 ed 75 12 e8 4b 9f 2b 00 <0f> 0b 5b 5d 41 5c 41 5d e9 3e 9f 2b 00 e8 39 9f 2b 00 4c 8d ab 98
[  909.853381][T24044] RSP: 0018:ffffc90012507bd0 EFLAGS: 00010216
[  909.911003][T24044] RAX: 00000000000020bc RBX: ffff888020572200 RCX: ffffc900046c2000
[  910.086183][T24044] RDX: 0000000000040000 RSI: ffffffff814f9ae5 RDI: 0000000000000007
[  910.098036][T24044] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  910.113743][T24044] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8dddf3d8
[  910.124323][T24044] R13: ffff888016cd1940 R14: ffff888072dec820 R15: ffff888072dec960
00:27:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:21 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

00:27:21 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fallocate(r3, 0x0, 0x0, 0x2000402)
fallocate(r2, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xf000000})

[  910.153310][T24044] FS:  00007f24f7e6d700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[  910.179875][T24044] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  910.190555][T24044] CR2: 0000000020519000 CR3: 0000000073bcc000 CR4: 00000000003506f0
[  910.214470][T24044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  910.224522][T24044] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  910.232923][T24044] Call Trace:
[  910.236819][T24044]  <TASK>
[  910.239782][T24044]  init_rescuer+0x141/0x1d0
[  910.246261][T24044]  alloc_workqueue+0xcd4/0x1100
[  910.251163][T24044]  ? workqueue_sysfs_register+0x3e0/0x3e0
[  910.258982][T24044]  ? lockdep_init_map_type+0x21a/0x7f0
[  910.264500][T24044]  ? srcutorture_get_gp_data+0xd0/0xd0
[  910.271722][T24044]  kvm_mmu_init_tdp_mmu+0x8e/0x230
[  910.277222][T24044]  kvm_mmu_init_vm+0x128/0x350
[  910.282023][T24044]  kvm_arch_init_vm+0x64/0x720
[  910.287223][T24044]  kvm_dev_ioctl+0xb15/0x1cf0
[  910.292112][T24044]  ? kvm_stat_data_open+0x380/0x380
[  910.298869][T24044]  ? selinux_file_ioctl+0xb1/0x270
[  910.304935][T24044]  ? kvm_stat_data_open+0x380/0x380
[  910.311582][T24044]  __x64_sys_ioctl+0x193/0x200
[  910.316745][T24044]  do_syscall_64+0x35/0xb0
[  910.321234][T24044]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  910.327601][T24044] RIP: 0033:0x7f24f6c89279
[  910.332049][T24044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  910.352833][T24044] RSP: 002b:00007f24f7e6d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  910.361850][T24044] RAX: ffffffffffffffda RBX: 00007f24f6d9bf80 RCX: 00007f24f6c89279
00:27:21 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  910.433395][T24044] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
00:27:21 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:27:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  910.559838][T24044] RBP: 00007f24f6ce3189 R08: 0000000000000000 R09: 0000000000000000
[  910.584141][T24044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
00:27:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000004000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, &(0x7f0000000200), 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/module/firewire_sbp2', 0x5ab201, 0x0)
syz_io_uring_complete(0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[  910.683075][T24044] R13: 00007ffec2b0036f R14: 00007f24f7e6d300 R15: 0000000000022000
[  910.706258][T24044]  </TASK>
[  910.709606][T24044] Kernel panic - not syncing: panic_on_warn set ...
[  910.716226][T24044] CPU: 1 PID: 24044 Comm: syz-executor.0 Not tainted 6.0.0-rc2-syzkaller-00060-g3f5c20055a64 #0
[  910.726783][T24044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[  910.736849][T24044] Call Trace:
[  910.740134][T24044]  <TASK>
[  910.743071][T24044]  dump_stack_lvl+0xcd/0x134
[  910.747754][T24044]  panic+0x2c8/0x627
[  910.751686][T24044]  ? panic_print_sys_info.part.0+0x10b/0x10b
[  910.757681][T24044]  ? __warn.cold+0x248/0x2c4
[  910.762283][T24044]  ? kthread_bind_mask+0x35/0xc0
[  910.767237][T24044]  __warn.cold+0x259/0x2c4
[  910.771683][T24044]  ? kthread_bind_mask+0x35/0xc0
[  910.776660][T24044]  report_bug+0x1bc/0x210
[  910.781028][T24044]  handle_bug+0x3c/0x60
[  910.785210][T24044]  exc_invalid_op+0x14/0x40
[  910.789725][T24044]  asm_exc_invalid_op+0x16/0x20
[  910.794637][T24044] RIP: 0010:kthread_bind_mask+0x35/0xc0
[  910.800194][T24044] Code: fb e8 6f 9f 2b 00 be 02 00 00 00 48 89 df e8 e2 fb 03 00 31 ff 48 89 c5 48 89 c6 e8 35 9c 2b 00 48 85 ed 75 12 e8 4b 9f 2b 00 <0f> 0b 5b 5d 41 5c 41 5d e9 3e 9f 2b 00 e8 39 9f 2b 00 4c 8d ab 98
[  910.819813][T24044] RSP: 0018:ffffc90012507bd0 EFLAGS: 00010216
[  910.825893][T24044] RAX: 00000000000020bc RBX: ffff888020572200 RCX: ffffc900046c2000
[  910.833875][T24044] RDX: 0000000000040000 RSI: ffffffff814f9ae5 RDI: 0000000000000007
[  910.841854][T24044] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  910.849847][T24044] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8dddf3d8
[  910.857835][T24044] R13: ffff888016cd1940 R14: ffff888072dec820 R15: ffff888072dec960
[  910.865823][T24044]  ? kthread_bind_mask+0x35/0xc0
[  910.870783][T24044]  init_rescuer+0x141/0x1d0
[  910.875296][T24044]  alloc_workqueue+0xcd4/0x1100
[  910.880163][T24044]  ? workqueue_sysfs_register+0x3e0/0x3e0
[  910.885899][T24044]  ? lockdep_init_map_type+0x21a/0x7f0
[  910.891371][T24044]  ? srcutorture_get_gp_data+0xd0/0xd0
[  910.896843][T24044]  kvm_mmu_init_tdp_mmu+0x8e/0x230
[  910.901965][T24044]  kvm_mmu_init_vm+0x128/0x350
[  910.906738][T24044]  kvm_arch_init_vm+0x64/0x720
[  910.911518][T24044]  kvm_dev_ioctl+0xb15/0x1cf0
[  910.916216][T24044]  ? kvm_stat_data_open+0x380/0x380
[  910.921433][T24044]  ? selinux_file_ioctl+0xb1/0x270
[  910.926554][T24044]  ? kvm_stat_data_open+0x380/0x380
[  910.931774][T24044]  __x64_sys_ioctl+0x193/0x200
[  910.936553][T24044]  do_syscall_64+0x35/0xb0
[  910.940986][T24044]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  910.946890][T24044] RIP: 0033:0x7f24f6c89279
[  910.951313][T24044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  910.970940][T24044] RSP: 002b:00007f24f7e6d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  910.979393][T24044] RAX: ffffffffffffffda RBX: 00007f24f6d9bf80 RCX: 00007f24f6c89279
[  910.987373][T24044] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
[  910.995370][T24044] RBP: 00007f24f6ce3189 R08: 0000000000000000 R09: 0000000000000000
[  911.003379][T24044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  911.011371][T24044] R13: 00007ffec2b0036f R14: 00007f24f7e6d300 R15: 0000000000022000
[  911.019371][T24044]  </TASK>
[  911.022849][T24044] Kernel Offset: disabled
[  911.027192][T24044] Rebooting in 86400 seconds..