, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2315.229431][T22470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024 [ 2315.237424][T22470] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2315.359264][T22479] FAULT_INJECTION: forcing a failure. [ 2315.359264][T22479] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2315.375865][T22479] CPU: 0 PID: 22479 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2315.385283][T22479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2315.395889][T22479] Call Trace: [ 2315.399652][T22479] dump_stack+0x116/0x15d [ 2315.405446][T22479] should_fail+0x231/0x240 [ 2315.411452][T22479] should_fail_usercopy+0x16/0x20 [ 2315.416536][T22479] __kvm_read_guest_page+0xb6/0x130 [ 2315.422933][T22479] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2315.428997][T22479] kvm_fetch_guest_virt+0xef/0x130 [ 2315.435063][T22479] ? emulator_write_std+0x1a0/0x1a0 [ 2315.441120][T22479] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2315.446984][T22479] x86_decode_insn+0x182/0x2b70 [ 2315.452925][T22479] ? vmx_cache_reg+0xca/0x330 [ 2315.458205][T22479] ? init_decode_cache+0x48/0x50 [ 2315.463978][T22479] ? init_emulate_ctxt+0x247/0x280 [ 2315.469334][T22479] x86_emulate_instruction+0x21d/0x2a80 [ 2315.475732][T22479] kvm_mmu_page_fault+0x315/0x3c0 [ 2315.480969][T22479] handle_ept_violation+0x277/0x350 [ 2315.486524][T22479] ? handle_desc+0x60/0x60 [ 2315.492082][T22479] vmx_handle_exit+0x2fd/0x7e0 [ 2315.496867][T22479] vcpu_enter_guest+0x19f6/0x24f0 [ 2315.501931][T22479] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2315.507718][T22479] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2315.513615][T22479] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2315.519517][T22479] vcpu_run+0x24e/0x690 [ 2315.524894][T22479] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2315.530549][T22479] kvm_vcpu_ioctl+0x562/0x8f0 [ 2315.535743][T22479] ? tomoyo_file_ioctl+0x1c/0x20 [ 2315.543182][T22479] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2315.550030][T22479] __se_sys_ioctl+0xcb/0x140 [ 2315.556280][T22479] __x64_sys_ioctl+0x3f/0x50 [ 2315.561653][T22479] do_syscall_64+0x39/0x80 [ 2315.567207][T22479] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2315.573135][T22479] RIP: 0033:0x45e149 [ 2315.578436][T22479] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2315.598535][T22479] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:23 executing program 1 (fault-call:16 fault-nth:38): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2315.606957][T22479] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2315.614925][T22479] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2315.622985][T22479] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2315.630943][T22479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000025 [ 2315.638914][T22479] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2315.717205][T22486] FAULT_INJECTION: forcing a failure. [ 2315.717205][T22486] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2315.731626][T22486] CPU: 0 PID: 22486 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2315.740044][T22486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2315.750083][T22486] Call Trace: [ 2315.753442][T22486] dump_stack+0x116/0x15d [ 2315.757758][T22486] should_fail+0x231/0x240 [ 2315.762204][T22486] should_fail_usercopy+0x16/0x20 [ 2315.767252][T22486] __kvm_read_guest_page+0xb6/0x130 [ 2315.772437][T22486] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2315.778003][T22486] kvm_fetch_guest_virt+0xef/0x130 [ 2315.783127][T22486] ? emulator_write_std+0x1a0/0x1a0 [ 2315.788306][T22486] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2315.793614][T22486] x86_decode_insn+0x182/0x2b70 [ 2315.798502][T22486] ? vmx_cache_reg+0xca/0x330 [ 2315.803188][T22486] ? init_decode_cache+0x48/0x50 [ 2315.808221][T22486] ? init_emulate_ctxt+0x247/0x280 [ 2315.813317][T22486] x86_emulate_instruction+0x21d/0x2a80 [ 2315.818848][T22486] kvm_mmu_page_fault+0x315/0x3c0 [ 2315.823943][T22486] handle_ept_violation+0x277/0x350 [ 2315.829147][T22486] ? handle_desc+0x60/0x60 [ 2315.833552][T22486] vmx_handle_exit+0x2fd/0x7e0 [ 2315.838374][T22486] vcpu_enter_guest+0x19f6/0x24f0 [ 2315.843382][T22486] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2315.849059][T22486] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2315.854243][T22486] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2315.859165][T22486] vcpu_run+0x24e/0x690 [ 2315.863395][T22486] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2315.868832][T22486] kvm_vcpu_ioctl+0x562/0x8f0 [ 2315.873669][T22486] ? tomoyo_file_ioctl+0x1c/0x20 [ 2315.878642][T22486] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2315.885935][T22486] __se_sys_ioctl+0xcb/0x140 [ 2315.890575][T22486] __x64_sys_ioctl+0x3f/0x50 [ 2315.895159][T22486] do_syscall_64+0x39/0x80 [ 2315.899576][T22486] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2315.905451][T22486] RIP: 0033:0x45e149 [ 2315.909328][T22486] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2315.928930][T22486] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2315.937375][T22486] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2315.945337][T22486] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2315.953448][T22486] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:23 executing program 1 (fault-call:16 fault-nth:39): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2315.961403][T22486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000026 [ 2315.969360][T22486] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2316.083898][T22493] FAULT_INJECTION: forcing a failure. [ 2316.083898][T22493] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2316.100105][T22493] CPU: 0 PID: 22493 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2316.109328][T22493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.122092][T22493] Call Trace: [ 2316.125373][T22493] dump_stack+0x116/0x15d [ 2316.130575][T22493] should_fail+0x231/0x240 [ 2316.137408][T22493] should_fail_usercopy+0x16/0x20 [ 2316.144441][T22493] __kvm_read_guest_page+0xb6/0x130 [ 2316.151538][T22493] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2316.158369][T22493] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2316.164987][T22493] kvm_vcpu_read_guest+0x89/0x110 [ 2316.170545][T22493] read_emulate+0x27/0x40 [ 2316.177135][T22493] emulator_read_write_onepage+0x164/0x490 [ 2316.185032][T22493] emulator_read_write+0x173/0x310 [ 2316.191083][T22493] emulator_read_emulated+0x37/0x40 [ 2316.197815][T22493] x86_emulate_insn+0x81c/0x2fc0 [ 2316.203259][T22493] x86_emulate_instruction+0x75f/0x2a80 [ 2316.210661][T22493] kvm_mmu_page_fault+0x315/0x3c0 [ 2316.217537][T22493] handle_ept_violation+0x277/0x350 [ 2316.223229][T22493] ? handle_desc+0x60/0x60 [ 2316.227821][T22493] vmx_handle_exit+0x2fd/0x7e0 [ 2316.232661][T22493] vcpu_enter_guest+0x19f6/0x24f0 [ 2316.237777][T22493] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2316.243444][T22493] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2316.248640][T22493] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2316.253569][T22493] vcpu_run+0x24e/0x690 [ 2316.257749][T22493] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2316.263182][T22493] kvm_vcpu_ioctl+0x562/0x8f0 [ 2316.267839][T22493] ? tomoyo_file_ioctl+0x1c/0x20 [ 2316.272904][T22493] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2316.278880][T22493] __se_sys_ioctl+0xcb/0x140 [ 2316.283448][T22493] __x64_sys_ioctl+0x3f/0x50 [ 2316.288038][T22493] do_syscall_64+0x39/0x80 [ 2316.292460][T22493] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2316.298359][T22493] RIP: 0033:0x45e149 [ 2316.302249][T22493] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2316.321910][T22493] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2316.330314][T22493] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2316.338263][T22493] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2316.346212][T22493] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2316.354226][T22493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000027 [ 2316.362175][T22493] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:24 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x12, 0x0) 20:59:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:24 executing program 1 (fault-call:16 fault-nth:40): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2316.852326][T22506] FAULT_INJECTION: forcing a failure. [ 2316.852326][T22506] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2316.870582][T22506] CPU: 1 PID: 22506 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2316.879050][T22506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2316.889106][T22506] Call Trace: [ 2316.892381][T22506] dump_stack+0x116/0x15d [ 2316.896720][T22506] should_fail+0x231/0x240 [ 2316.901193][T22506] should_fail_usercopy+0x16/0x20 [ 2316.906299][T22506] __kvm_write_guest_page+0xda/0x220 [ 2316.911641][T22506] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2316.917259][T22506] kvm_vcpu_write_guest+0x89/0x110 [ 2316.922378][T22506] write_emulate+0x2c/0x70 [ 2316.926786][T22506] emulator_read_write_onepage+0x164/0x490 [ 2316.932578][T22506] emulator_read_write+0x173/0x310 [ 2316.937694][T22506] emulator_write_emulated+0x37/0x40 [ 2316.942962][T22506] writeback+0x3d4/0x540 [ 2316.947264][T22506] x86_emulate_insn+0x1787/0x2fc0 [ 2316.953167][T22506] ? em_salc+0x8/0x8 [ 2316.957057][T22506] x86_emulate_instruction+0x75f/0x2a80 [ 2316.962673][T22506] kvm_mmu_page_fault+0x315/0x3c0 [ 2316.967759][T22506] handle_ept_violation+0x277/0x350 [ 2316.972940][T22506] ? preempt_schedule+0x54/0x80 [ 2316.977859][T22506] ? handle_desc+0x60/0x60 [ 2316.982358][T22506] vmx_handle_exit+0x2fd/0x7e0 [ 2316.987121][T22506] vcpu_enter_guest+0x19f6/0x24f0 [ 2316.992157][T22506] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2316.997772][T22506] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2317.002965][T22506] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2317.007944][T22506] vcpu_run+0x24e/0x690 [ 2317.012146][T22506] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2317.017648][T22506] kvm_vcpu_ioctl+0x562/0x8f0 [ 2317.022313][T22506] ? tomoyo_file_ioctl+0x1c/0x20 [ 2317.027258][T22506] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2317.033138][T22506] __se_sys_ioctl+0xcb/0x140 [ 2317.037712][T22506] __x64_sys_ioctl+0x3f/0x50 [ 2317.042342][T22506] do_syscall_64+0x39/0x80 [ 2317.046753][T22506] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2317.052669][T22506] RIP: 0033:0x45e149 [ 2317.056560][T22506] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2317.076204][T22506] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2317.084809][T22506] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2317.092807][T22506] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2317.100764][T22506] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2317.108777][T22506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000028 [ 2317.116807][T22506] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:24 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:24 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda", 0x1c}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:24 executing program 1 (fault-call:16 fault-nth:41): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2317.323590][T22519] FAULT_INJECTION: forcing a failure. [ 2317.323590][T22519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2317.340774][T22519] CPU: 1 PID: 22519 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2317.349214][T22519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2317.359268][T22519] Call Trace: [ 2317.362627][T22519] dump_stack+0x116/0x15d [ 2317.366964][T22519] should_fail+0x231/0x240 [ 2317.371384][T22519] should_fail_usercopy+0x16/0x20 [ 2317.376468][T22519] __kvm_read_guest_page+0xb6/0x130 [ 2317.381725][T22519] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2317.389299][T22519] kvm_fetch_guest_virt+0xef/0x130 [ 2317.394414][T22519] ? emulator_write_std+0x1a0/0x1a0 [ 2317.399606][T22519] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2317.404875][T22519] x86_decode_insn+0x182/0x2b70 [ 2317.409791][T22519] ? vmx_cache_reg+0xca/0x330 [ 2317.414463][T22519] ? init_decode_cache+0x48/0x50 [ 2317.419410][T22519] ? init_emulate_ctxt+0x247/0x280 [ 2317.424607][T22519] x86_emulate_instruction+0x21d/0x2a80 [ 2317.430182][T22519] kvm_mmu_page_fault+0x315/0x3c0 [ 2317.435194][T22519] handle_ept_violation+0x277/0x350 [ 2317.440454][T22519] ? handle_desc+0x60/0x60 [ 2317.444957][T22519] vmx_handle_exit+0x2fd/0x7e0 [ 2317.449802][T22519] vcpu_enter_guest+0x19f6/0x24f0 [ 2317.454934][T22519] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2317.460617][T22519] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2317.465794][T22519] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2317.470710][T22519] vcpu_run+0x24e/0x690 [ 2317.474843][T22519] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2317.480295][T22519] kvm_vcpu_ioctl+0x562/0x8f0 [ 2317.484974][T22519] ? tomoyo_file_ioctl+0x1c/0x20 [ 2317.489899][T22519] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2317.495774][T22519] __se_sys_ioctl+0xcb/0x140 [ 2317.500673][T22519] __x64_sys_ioctl+0x3f/0x50 [ 2317.505394][T22519] do_syscall_64+0x39/0x80 [ 2317.509852][T22519] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2317.515755][T22519] RIP: 0033:0x45e149 [ 2317.519628][T22519] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2317.539496][T22519] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2317.547912][T22519] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2317.555967][T22519] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2317.563932][T22519] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2317.571892][T22519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000029 [ 2317.579862][T22519] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:25 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:25 executing program 1 (fault-call:16 fault-nth:42): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2317.994769][T22538] FAULT_INJECTION: forcing a failure. [ 2317.994769][T22538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2318.008027][T22538] CPU: 0 PID: 22538 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2318.016577][T22538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2318.026707][T22538] Call Trace: [ 2318.030084][T22538] dump_stack+0x116/0x15d [ 2318.034407][T22538] should_fail+0x231/0x240 [ 2318.039032][T22538] should_fail_usercopy+0x16/0x20 [ 2318.044050][T22538] __kvm_read_guest_page+0xb6/0x130 [ 2318.049312][T22538] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2318.054863][T22538] kvm_fetch_guest_virt+0xef/0x130 [ 2318.059975][T22538] ? emulator_write_std+0x1a0/0x1a0 [ 2318.065171][T22538] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2318.070525][T22538] x86_decode_insn+0x182/0x2b70 [ 2318.075362][T22538] ? vmx_cache_reg+0xca/0x330 [ 2318.080160][T22538] ? init_decode_cache+0x48/0x50 [ 2318.088063][T22538] ? init_emulate_ctxt+0x247/0x280 [ 2318.093430][T22538] x86_emulate_instruction+0x21d/0x2a80 [ 2318.098964][T22538] kvm_mmu_page_fault+0x315/0x3c0 [ 2318.104122][T22538] handle_ept_violation+0x277/0x350 [ 2318.109347][T22538] ? handle_desc+0x60/0x60 [ 2318.113757][T22538] vmx_handle_exit+0x2fd/0x7e0 [ 2318.118530][T22538] vcpu_enter_guest+0x19f6/0x24f0 [ 2318.123620][T22538] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2318.129382][T22538] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2318.134574][T22538] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2318.139508][T22538] vcpu_run+0x24e/0x690 [ 2318.143650][T22538] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2318.149114][T22538] kvm_vcpu_ioctl+0x562/0x8f0 [ 2318.153782][T22538] ? tomoyo_file_ioctl+0x1c/0x20 [ 2318.158748][T22538] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2318.165469][T22538] __se_sys_ioctl+0xcb/0x140 [ 2318.170082][T22538] __x64_sys_ioctl+0x3f/0x50 [ 2318.174727][T22538] do_syscall_64+0x39/0x80 [ 2318.179226][T22538] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2318.185101][T22538] RIP: 0033:0x45e149 [ 2318.188979][T22538] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2318.208723][T22538] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2318.217126][T22538] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2318.225092][T22538] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2318.233113][T22538] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:25 executing program 1 (fault-call:16 fault-nth:43): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2318.241152][T22538] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002a [ 2318.249127][T22538] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2318.332888][T22545] FAULT_INJECTION: forcing a failure. [ 2318.332888][T22545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2318.346275][T22545] CPU: 0 PID: 22545 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2318.355586][T22545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2318.365680][T22545] Call Trace: [ 2318.370070][T22545] dump_stack+0x116/0x15d [ 2318.377285][T22545] should_fail+0x231/0x240 [ 2318.382549][T22545] should_fail_usercopy+0x16/0x20 [ 2318.387660][T22545] __kvm_read_guest_page+0xb6/0x130 [ 2318.393081][T22545] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2318.400910][T22545] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2318.407774][T22545] kvm_vcpu_read_guest+0x89/0x110 [ 2318.414441][T22545] read_emulate+0x27/0x40 [ 2318.419325][T22545] emulator_read_write_onepage+0x164/0x490 [ 2318.427587][T22545] emulator_read_write+0x173/0x310 [ 2318.433070][T22545] emulator_read_emulated+0x37/0x40 [ 2318.441593][T22545] x86_emulate_insn+0x81c/0x2fc0 [ 2318.448662][T22545] x86_emulate_instruction+0x75f/0x2a80 [ 2318.455710][T22545] kvm_mmu_page_fault+0x315/0x3c0 [ 2318.461746][T22545] handle_ept_violation+0x277/0x350 [ 2318.467426][T22545] ? handle_desc+0x60/0x60 [ 2318.473966][T22545] vmx_handle_exit+0x2fd/0x7e0 [ 2318.480419][T22545] vcpu_enter_guest+0x19f6/0x24f0 [ 2318.485741][T22545] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2318.492920][T22545] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2318.500826][T22545] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2318.507883][T22545] vcpu_run+0x24e/0x690 [ 2318.514169][T22545] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2318.521989][T22545] kvm_vcpu_ioctl+0x562/0x8f0 [ 2318.528494][T22545] ? tomoyo_file_ioctl+0x1c/0x20 [ 2318.535418][T22545] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2318.541940][T22545] __se_sys_ioctl+0xcb/0x140 [ 2318.546770][T22545] __x64_sys_ioctl+0x3f/0x50 [ 2318.553185][T22545] do_syscall_64+0x39/0x80 [ 2318.559864][T22545] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2318.566464][T22545] RIP: 0033:0x45e149 [ 2318.571374][T22545] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2318.591272][T22545] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2318.599846][T22545] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2318.607811][T22545] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2318.615768][T22545] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2318.623810][T22545] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002b [ 2318.631797][T22545] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:26 executing program 1 (fault-call:16 fault-nth:44): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2318.712457][T22552] FAULT_INJECTION: forcing a failure. [ 2318.712457][T22552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2318.725660][T22552] CPU: 1 PID: 22552 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2318.734284][T22552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2318.744477][T22552] Call Trace: [ 2318.747875][T22552] dump_stack+0x116/0x15d [ 2318.752238][T22552] should_fail+0x231/0x240 [ 2318.756691][T22552] should_fail_usercopy+0x16/0x20 [ 2318.761706][T22552] __kvm_write_guest_page+0xda/0x220 [ 2318.767035][T22552] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2318.772825][T22552] kvm_vcpu_write_guest+0x89/0x110 [ 2318.777950][T22552] write_emulate+0x2c/0x70 [ 2318.782352][T22552] emulator_read_write_onepage+0x164/0x490 [ 2318.788233][T22552] emulator_read_write+0x173/0x310 [ 2318.793330][T22552] emulator_write_emulated+0x37/0x40 [ 2318.798609][T22552] writeback+0x3d4/0x540 [ 2318.802870][T22552] x86_emulate_insn+0x1787/0x2fc0 [ 2318.807940][T22552] ? em_salc+0x8/0x8 [ 2318.811818][T22552] x86_emulate_instruction+0x75f/0x2a80 [ 2318.817434][T22552] kvm_mmu_page_fault+0x315/0x3c0 [ 2318.822442][T22552] handle_ept_violation+0x277/0x350 [ 2318.827710][T22552] ? handle_desc+0x60/0x60 [ 2318.832125][T22552] vmx_handle_exit+0x2fd/0x7e0 [ 2318.837004][T22552] vcpu_enter_guest+0x19f6/0x24f0 [ 2318.842060][T22552] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2318.847699][T22552] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2318.853039][T22552] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2318.858049][T22552] vcpu_run+0x24e/0x690 [ 2318.862193][T22552] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2318.867646][T22552] kvm_vcpu_ioctl+0x562/0x8f0 [ 2318.872319][T22552] ? tomoyo_file_ioctl+0x1c/0x20 [ 2318.877251][T22552] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2318.883166][T22552] __se_sys_ioctl+0xcb/0x140 [ 2318.887744][T22552] __x64_sys_ioctl+0x3f/0x50 [ 2318.892453][T22552] do_syscall_64+0x39/0x80 [ 2318.896882][T22552] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2318.902975][T22552] RIP: 0033:0x45e149 [ 2318.906939][T22552] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2318.926529][T22552] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2318.934983][T22552] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2318.942943][T22552] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2318.950906][T22552] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:26 executing program 1 (fault-call:16 fault-nth:45): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2318.958875][T22552] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002c [ 2318.966834][T22552] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2319.071370][T22559] FAULT_INJECTION: forcing a failure. [ 2319.071370][T22559] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2319.088093][T22559] CPU: 0 PID: 22559 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2319.097894][T22559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.108364][T22559] Call Trace: [ 2319.111697][T22559] dump_stack+0x116/0x15d [ 2319.116395][T22559] should_fail+0x231/0x240 [ 2319.123654][T22559] should_fail_usercopy+0x16/0x20 [ 2319.130515][T22559] __kvm_read_guest_page+0xb6/0x130 [ 2319.137126][T22559] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2319.145048][T22559] kvm_fetch_guest_virt+0xef/0x130 [ 2319.150502][T22559] ? emulator_write_std+0x1a0/0x1a0 [ 2319.158286][T22559] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2319.164613][T22559] x86_decode_insn+0x182/0x2b70 [ 2319.169910][T22559] ? vmx_cache_reg+0xca/0x330 [ 2319.176815][T22559] ? init_decode_cache+0x48/0x50 [ 2319.183489][T22559] ? init_emulate_ctxt+0x247/0x280 [ 2319.190920][T22559] x86_emulate_instruction+0x21d/0x2a80 [ 2319.198469][T22559] kvm_mmu_page_fault+0x315/0x3c0 [ 2319.205471][T22559] handle_ept_violation+0x277/0x350 [ 2319.210716][T22559] ? handle_desc+0x60/0x60 [ 2319.216328][T22559] vmx_handle_exit+0x2fd/0x7e0 [ 2319.222585][T22559] vcpu_enter_guest+0x19f6/0x24f0 [ 2319.227831][T22559] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2319.233471][T22559] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2319.238668][T22559] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2319.243599][T22559] vcpu_run+0x24e/0x690 [ 2319.247752][T22559] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2319.253268][T22559] kvm_vcpu_ioctl+0x562/0x8f0 [ 2319.257925][T22559] ? tomoyo_file_ioctl+0x1c/0x20 [ 2319.262852][T22559] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2319.268728][T22559] __se_sys_ioctl+0xcb/0x140 [ 2319.273314][T22559] __x64_sys_ioctl+0x3f/0x50 [ 2319.277891][T22559] do_syscall_64+0x39/0x80 [ 2319.282298][T22559] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2319.288189][T22559] RIP: 0033:0x45e149 [ 2319.292148][T22559] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2319.311750][T22559] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2319.320144][T22559] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2319.328146][T22559] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2319.336110][T22559] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2319.344059][T22559] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002d [ 2319.352020][T22559] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x18, 0x0) 20:59:27 executing program 1 (fault-call:16 fault-nth:46): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2319.813105][T22566] FAULT_INJECTION: forcing a failure. [ 2319.813105][T22566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2319.829180][T22566] CPU: 0 PID: 22566 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2319.837632][T22566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2319.847688][T22566] Call Trace: [ 2319.850965][T22566] dump_stack+0x116/0x15d [ 2319.855295][T22566] should_fail+0x231/0x240 [ 2319.859711][T22566] should_fail_usercopy+0x16/0x20 [ 2319.864742][T22566] __kvm_read_guest_page+0xb6/0x130 [ 2319.869965][T22566] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2319.875547][T22566] kvm_fetch_guest_virt+0xef/0x130 [ 2319.880673][T22566] ? emulator_write_std+0x1a0/0x1a0 [ 2319.885918][T22566] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2319.891191][T22566] x86_decode_insn+0x182/0x2b70 [ 2319.896024][T22566] ? vmx_cache_reg+0xca/0x330 [ 2319.900688][T22566] ? init_decode_cache+0x48/0x50 [ 2319.905619][T22566] ? init_emulate_ctxt+0x247/0x280 [ 2319.910787][T22566] x86_emulate_instruction+0x21d/0x2a80 [ 2319.916336][T22566] kvm_mmu_page_fault+0x315/0x3c0 [ 2319.921343][T22566] handle_ept_violation+0x277/0x350 [ 2319.926544][T22566] ? handle_desc+0x60/0x60 [ 2319.930942][T22566] vmx_handle_exit+0x2fd/0x7e0 [ 2319.935695][T22566] vcpu_enter_guest+0x19f6/0x24f0 [ 2319.940822][T22566] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2319.946435][T22566] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2319.951616][T22566] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2319.956555][T22566] vcpu_run+0x24e/0x690 [ 2319.960692][T22566] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2319.966133][T22566] kvm_vcpu_ioctl+0x562/0x8f0 [ 2319.970864][T22566] ? tomoyo_file_ioctl+0x1c/0x20 [ 2319.975800][T22566] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2319.981713][T22566] __se_sys_ioctl+0xcb/0x140 [ 2319.986297][T22566] __x64_sys_ioctl+0x3f/0x50 [ 2319.990922][T22566] do_syscall_64+0x39/0x80 [ 2319.995334][T22566] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2320.001223][T22566] RIP: 0033:0x45e149 [ 2320.005099][T22566] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2320.024909][T22566] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2320.033312][T22566] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2320.041266][T22566] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2320.049469][T22566] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:27 executing program 1 (fault-call:16 fault-nth:47): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2320.057424][T22566] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002e [ 2320.065545][T22566] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2320.141175][T22581] FAULT_INJECTION: forcing a failure. [ 2320.141175][T22581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2320.154473][T22581] CPU: 0 PID: 22581 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2320.163878][T22581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2320.174929][T22581] Call Trace: [ 2320.178902][T22581] dump_stack+0x116/0x15d [ 2320.184078][T22581] should_fail+0x231/0x240 [ 2320.189291][T22581] should_fail_usercopy+0x16/0x20 [ 2320.194421][T22581] __kvm_read_guest_page+0xb6/0x130 [ 2320.200482][T22581] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2320.207456][T22581] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2320.213046][T22581] kvm_vcpu_read_guest+0x89/0x110 [ 2320.218587][T22581] read_emulate+0x27/0x40 [ 2320.224247][T22581] emulator_read_write_onepage+0x164/0x490 [ 2320.230203][T22581] emulator_read_write+0x173/0x310 [ 2320.235741][T22581] emulator_read_emulated+0x37/0x40 [ 2320.241348][T22581] x86_emulate_insn+0x81c/0x2fc0 [ 2320.246376][T22581] x86_emulate_instruction+0x75f/0x2a80 [ 2320.253662][T22581] kvm_mmu_page_fault+0x315/0x3c0 [ 2320.259203][T22581] handle_ept_violation+0x277/0x350 [ 2320.264711][T22581] ? handle_desc+0x60/0x60 [ 2320.269282][T22581] vmx_handle_exit+0x2fd/0x7e0 [ 2320.274070][T22581] vcpu_enter_guest+0x19f6/0x24f0 [ 2320.279094][T22581] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2320.284720][T22581] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2320.289920][T22581] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2320.294864][T22581] vcpu_run+0x24e/0x690 [ 2320.299568][T22581] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2320.305033][T22581] kvm_vcpu_ioctl+0x562/0x8f0 [ 2320.310394][T22581] ? tomoyo_file_ioctl+0x1c/0x20 [ 2320.315440][T22581] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2320.322443][T22581] __se_sys_ioctl+0xcb/0x140 [ 2320.328033][T22581] __x64_sys_ioctl+0x3f/0x50 [ 2320.333359][T22581] do_syscall_64+0x39/0x80 [ 2320.340173][T22581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2320.348296][T22581] RIP: 0033:0x45e149 [ 2320.353367][T22581] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2320.374248][T22581] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2320.383253][T22581] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda", 0x1c}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:28 executing program 1 (fault-call:16 fault-nth:48): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2320.391682][T22581] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2320.401085][T22581] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2320.409370][T22581] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000002f [ 2320.417569][T22581] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2320.510398][T22596] FAULT_INJECTION: forcing a failure. [ 2320.510398][T22596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2320.523850][T22596] CPU: 0 PID: 22596 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2320.532272][T22596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2320.542434][T22596] Call Trace: [ 2320.545752][T22596] dump_stack+0x116/0x15d [ 2320.550103][T22596] should_fail+0x231/0x240 [ 2320.556013][T22596] should_fail_usercopy+0x16/0x20 [ 2320.561043][T22596] __kvm_write_guest_page+0xda/0x220 [ 2320.567104][T22596] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2320.572752][T22596] kvm_vcpu_write_guest+0x89/0x110 [ 2320.578116][T22596] write_emulate+0x2c/0x70 [ 2320.582595][T22596] emulator_read_write_onepage+0x164/0x490 [ 2320.588466][T22596] emulator_read_write+0x173/0x310 [ 2320.595516][T22596] emulator_write_emulated+0x37/0x40 [ 2320.601276][T22596] writeback+0x3d4/0x540 [ 2320.605552][T22596] x86_emulate_insn+0x1787/0x2fc0 [ 2320.611069][T22596] ? em_salc+0x8/0x8 [ 2320.616438][T22596] x86_emulate_instruction+0x75f/0x2a80 [ 2320.622258][T22596] kvm_mmu_page_fault+0x315/0x3c0 [ 2320.627337][T22596] handle_ept_violation+0x277/0x350 [ 2320.633939][T22596] ? handle_desc+0x60/0x60 [ 2320.638369][T22596] vmx_handle_exit+0x2fd/0x7e0 [ 2320.643928][T22596] vcpu_enter_guest+0x19f6/0x24f0 [ 2320.650251][T22596] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2320.655903][T22596] ? prandom_u32_state+0x9/0x80 [ 2320.660868][T22596] vcpu_run+0x24e/0x690 [ 2320.665075][T22596] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2320.671540][T22596] kvm_vcpu_ioctl+0x562/0x8f0 [ 2320.676941][T22596] ? tomoyo_file_ioctl+0x1c/0x20 [ 2320.682212][T22596] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2320.688724][T22596] __se_sys_ioctl+0xcb/0x140 [ 2320.694077][T22596] __x64_sys_ioctl+0x3f/0x50 [ 2320.699817][T22596] do_syscall_64+0x39/0x80 [ 2320.705681][T22596] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2320.712392][T22596] RIP: 0033:0x45e149 [ 2320.716286][T22596] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2320.739074][T22596] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2320.747684][T22596] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2320.756895][T22596] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2320.765439][T22596] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2320.773443][T22596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000030 [ 2320.781421][T22596] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:28 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:28 executing program 1 (fault-call:16 fault-nth:49): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2321.013303][T22606] FAULT_INJECTION: forcing a failure. [ 2321.013303][T22606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2321.028109][T22606] CPU: 1 PID: 22606 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2321.036609][T22606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2321.046678][T22606] Call Trace: [ 2321.049943][T22606] dump_stack+0x116/0x15d [ 2321.054285][T22606] should_fail+0x231/0x240 [ 2321.058686][T22606] should_fail_usercopy+0x16/0x20 [ 2321.063699][T22606] __kvm_read_guest_page+0xb6/0x130 [ 2321.068983][T22606] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2321.074517][T22606] kvm_fetch_guest_virt+0xef/0x130 [ 2321.079748][T22606] ? emulator_write_std+0x1a0/0x1a0 [ 2321.085273][T22606] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2321.090567][T22606] x86_decode_insn+0x182/0x2b70 [ 2321.095410][T22606] ? vmx_cache_reg+0xca/0x330 [ 2321.100093][T22606] ? init_decode_cache+0x48/0x50 [ 2321.105088][T22606] ? init_emulate_ctxt+0x247/0x280 [ 2321.110219][T22606] x86_emulate_instruction+0x21d/0x2a80 [ 2321.115756][T22606] kvm_mmu_page_fault+0x315/0x3c0 [ 2321.120845][T22606] handle_ept_violation+0x277/0x350 [ 2321.126052][T22606] ? preempt_schedule+0x54/0x80 [ 2321.131947][T22606] ? handle_desc+0x60/0x60 [ 2321.136376][T22606] vmx_handle_exit+0x2fd/0x7e0 [ 2321.141127][T22606] vcpu_enter_guest+0x19f6/0x24f0 [ 2321.146167][T22606] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2321.152157][T22606] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2321.157978][T22606] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2321.163784][T22606] vcpu_run+0x24e/0x690 [ 2321.168101][T22606] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2321.174366][T22606] kvm_vcpu_ioctl+0x562/0x8f0 [ 2321.179973][T22606] ? tomoyo_file_ioctl+0x1c/0x20 [ 2321.186247][T22606] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2321.192145][T22606] __se_sys_ioctl+0xcb/0x140 [ 2321.196841][T22606] __x64_sys_ioctl+0x3f/0x50 [ 2321.202474][T22606] do_syscall_64+0x39/0x80 [ 2321.206903][T22606] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2321.214380][T22606] RIP: 0033:0x45e149 [ 2321.218324][T22606] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2321.238269][T22606] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2321.246667][T22606] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2321.254729][T22606] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2321.262858][T22606] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2321.270909][T22606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000031 [ 2321.279135][T22606] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:28 executing program 1 (fault-call:16 fault-nth:50): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2321.406630][T22615] FAULT_INJECTION: forcing a failure. [ 2321.406630][T22615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2321.445435][T22615] CPU: 1 PID: 22615 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2321.454689][T22615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2321.467587][T22615] Call Trace: [ 2321.471743][T22615] dump_stack+0x116/0x15d [ 2321.477219][T22615] should_fail+0x231/0x240 [ 2321.481701][T22615] should_fail_usercopy+0x16/0x20 [ 2321.487952][T22615] __kvm_read_guest_page+0xb6/0x130 [ 2321.493576][T22615] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2321.499191][T22615] kvm_fetch_guest_virt+0xef/0x130 [ 2321.504378][T22615] ? emulator_write_std+0x1a0/0x1a0 [ 2321.509580][T22615] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2321.514968][T22615] x86_decode_insn+0x182/0x2b70 [ 2321.520754][T22615] ? vmx_cache_reg+0xca/0x330 [ 2321.525493][T22615] ? init_decode_cache+0x48/0x50 [ 2321.530435][T22615] ? init_emulate_ctxt+0x247/0x280 [ 2321.535534][T22615] x86_emulate_instruction+0x21d/0x2a80 [ 2321.541179][T22615] kvm_mmu_page_fault+0x315/0x3c0 [ 2321.546212][T22615] handle_ept_violation+0x277/0x350 [ 2321.551690][T22615] ? handle_desc+0x60/0x60 [ 2321.556214][T22615] vmx_handle_exit+0x2fd/0x7e0 [ 2321.560965][T22615] vcpu_enter_guest+0x19f6/0x24f0 [ 2321.566151][T22615] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2321.571960][T22615] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2321.577274][T22615] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2321.582295][T22615] vcpu_run+0x24e/0x690 [ 2321.587436][T22615] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2321.593146][T22615] kvm_vcpu_ioctl+0x562/0x8f0 [ 2321.597830][T22615] ? tomoyo_file_ioctl+0x1c/0x20 [ 2321.603594][T22615] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2321.609621][T22615] __se_sys_ioctl+0xcb/0x140 [ 2321.614276][T22615] __x64_sys_ioctl+0x3f/0x50 [ 2321.618972][T22615] do_syscall_64+0x39/0x80 [ 2321.623468][T22615] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2321.629357][T22615] RIP: 0033:0x45e149 [ 2321.633287][T22615] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:59:29 executing program 1 (fault-call:16 fault-nth:51): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2321.657844][T22615] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2321.666259][T22615] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2321.674491][T22615] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2321.682522][T22615] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2321.690476][T22615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032 [ 2321.698432][T22615] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2321.797371][T22622] FAULT_INJECTION: forcing a failure. [ 2321.797371][T22622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2321.812733][T22622] CPU: 0 PID: 22622 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2321.823889][T22622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2321.835078][T22622] Call Trace: [ 2321.838656][T22622] dump_stack+0x116/0x15d [ 2321.845175][T22622] should_fail+0x231/0x240 [ 2321.850768][T22622] should_fail_usercopy+0x16/0x20 [ 2321.855967][T22622] __kvm_read_guest_page+0xb6/0x130 [ 2321.864130][T22622] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2321.870916][T22622] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2321.877930][T22622] kvm_vcpu_read_guest+0x89/0x110 [ 2321.883654][T22622] read_emulate+0x27/0x40 [ 2321.888859][T22622] emulator_read_write_onepage+0x164/0x490 [ 2321.895869][T22622] emulator_read_write+0x173/0x310 [ 2321.901165][T22622] emulator_read_emulated+0x37/0x40 [ 2321.909155][T22622] x86_emulate_insn+0x81c/0x2fc0 [ 2321.914515][T22622] x86_emulate_instruction+0x75f/0x2a80 [ 2321.921957][T22622] kvm_mmu_page_fault+0x315/0x3c0 [ 2321.926988][T22622] handle_ept_violation+0x277/0x350 [ 2321.932174][T22622] ? handle_desc+0x60/0x60 [ 2321.936607][T22622] vmx_handle_exit+0x2fd/0x7e0 [ 2321.941432][T22622] vcpu_enter_guest+0x19f6/0x24f0 [ 2321.946437][T22622] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2321.952067][T22622] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2321.957259][T22622] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2321.962211][T22622] vcpu_run+0x24e/0x690 [ 2321.966439][T22622] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2321.972000][T22622] kvm_vcpu_ioctl+0x562/0x8f0 [ 2321.976669][T22622] ? tomoyo_file_ioctl+0x1c/0x20 [ 2321.981635][T22622] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2321.987528][T22622] __se_sys_ioctl+0xcb/0x140 [ 2321.992144][T22622] __x64_sys_ioctl+0x3f/0x50 [ 2321.996733][T22622] do_syscall_64+0x39/0x80 [ 2322.001133][T22622] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2322.007132][T22622] RIP: 0033:0x45e149 [ 2322.011005][T22622] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2322.030738][T22622] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2322.039132][T22622] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:29 executing program 1 (fault-call:16 fault-nth:52): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2322.047099][T22622] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2322.055064][T22622] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2322.063110][T22622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000033 [ 2322.071078][T22622] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2322.198015][T22629] FAULT_INJECTION: forcing a failure. [ 2322.198015][T22629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2322.211285][T22629] CPU: 1 PID: 22629 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2322.219699][T22629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2322.229736][T22629] Call Trace: [ 2322.233018][T22629] dump_stack+0x116/0x15d [ 2322.237383][T22629] should_fail+0x231/0x240 [ 2322.241787][T22629] should_fail_usercopy+0x16/0x20 [ 2322.246811][T22629] __kvm_write_guest_page+0xda/0x220 [ 2322.252179][T22629] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2322.257834][T22629] kvm_vcpu_write_guest+0x89/0x110 [ 2322.262952][T22629] write_emulate+0x2c/0x70 [ 2322.267353][T22629] emulator_read_write_onepage+0x164/0x490 [ 2322.273189][T22629] emulator_read_write+0x173/0x310 [ 2322.278393][T22629] emulator_write_emulated+0x37/0x40 [ 2322.283690][T22629] writeback+0x3d4/0x540 [ 2322.287922][T22629] x86_emulate_insn+0x1787/0x2fc0 [ 2322.293079][T22629] ? em_salc+0x8/0x8 [ 2322.297006][T22629] x86_emulate_instruction+0x75f/0x2a80 [ 2322.302587][T22629] kvm_mmu_page_fault+0x315/0x3c0 [ 2322.307693][T22629] handle_ept_violation+0x277/0x350 [ 2322.312888][T22629] ? handle_desc+0x60/0x60 [ 2322.317319][T22629] vmx_handle_exit+0x2fd/0x7e0 [ 2322.322119][T22629] vcpu_enter_guest+0x19f6/0x24f0 [ 2322.327207][T22629] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2322.332879][T22629] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2322.338072][T22629] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2322.343020][T22629] vcpu_run+0x24e/0x690 [ 2322.347178][T22629] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2322.352639][T22629] kvm_vcpu_ioctl+0x562/0x8f0 [ 2322.357317][T22629] ? tomoyo_file_ioctl+0x1c/0x20 [ 2322.362336][T22629] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2322.368240][T22629] __se_sys_ioctl+0xcb/0x140 [ 2322.372853][T22629] __x64_sys_ioctl+0x3f/0x50 [ 2322.377668][T22629] do_syscall_64+0x39/0x80 [ 2322.382078][T22629] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2322.388940][T22629] RIP: 0033:0x45e149 [ 2322.393016][T22629] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2322.412605][T22629] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2322.421019][T22629] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2322.429000][T22629] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2322.436958][T22629] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2322.444997][T22629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000034 [ 2322.452957][T22629] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:30 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x300, 0x0) 20:59:30 executing program 1 (fault-call:16 fault-nth:53): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2322.856145][T22636] FAULT_INJECTION: forcing a failure. [ 2322.856145][T22636] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2322.871385][T22636] CPU: 0 PID: 22636 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2322.880838][T22636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2322.890912][T22636] Call Trace: [ 2322.894184][T22636] dump_stack+0x116/0x15d [ 2322.898517][T22636] should_fail+0x231/0x240 [ 2322.903028][T22636] should_fail_usercopy+0x16/0x20 [ 2322.908050][T22636] __kvm_read_guest_page+0xb6/0x130 [ 2322.913266][T22636] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2322.918844][T22636] kvm_fetch_guest_virt+0xef/0x130 [ 2322.924028][T22636] ? emulator_write_std+0x1a0/0x1a0 [ 2322.929240][T22636] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2322.934560][T22636] x86_decode_insn+0x182/0x2b70 [ 2322.939395][T22636] ? vmx_cache_reg+0xca/0x330 [ 2322.944069][T22636] ? init_decode_cache+0x48/0x50 [ 2322.949076][T22636] ? init_emulate_ctxt+0x247/0x280 [ 2322.954188][T22636] x86_emulate_instruction+0x21d/0x2a80 [ 2322.959739][T22636] kvm_mmu_page_fault+0x315/0x3c0 [ 2322.964809][T22636] handle_ept_violation+0x277/0x350 [ 2322.970001][T22636] ? handle_desc+0x60/0x60 [ 2322.974451][T22636] vmx_handle_exit+0x2fd/0x7e0 [ 2322.979412][T22636] vcpu_enter_guest+0x19f6/0x24f0 [ 2322.984445][T22636] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2322.990125][T22636] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2322.995308][T22636] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2323.000232][T22636] vcpu_run+0x24e/0x690 [ 2323.004368][T22636] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2323.009826][T22636] kvm_vcpu_ioctl+0x562/0x8f0 [ 2323.014495][T22636] ? tomoyo_file_ioctl+0x1c/0x20 [ 2323.019417][T22636] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2323.025305][T22636] __se_sys_ioctl+0xcb/0x140 [ 2323.029887][T22636] __x64_sys_ioctl+0x3f/0x50 [ 2323.034457][T22636] do_syscall_64+0x39/0x80 [ 2323.038856][T22636] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2323.044734][T22636] RIP: 0033:0x45e149 [ 2323.048624][T22636] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2323.068289][T22636] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2323.076691][T22636] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2323.084658][T22636] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2323.092720][T22636] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:30 executing program 1 (fault-call:16 fault-nth:54): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2323.100672][T22636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000035 [ 2323.108688][T22636] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2323.222090][T22651] FAULT_INJECTION: forcing a failure. [ 2323.222090][T22651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2323.239141][T22651] CPU: 0 PID: 22651 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2323.249478][T22651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.259821][T22651] Call Trace: [ 2323.263231][T22651] dump_stack+0x116/0x15d [ 2323.268503][T22651] should_fail+0x231/0x240 [ 2323.275158][T22651] should_fail_usercopy+0x16/0x20 [ 2323.280365][T22651] __kvm_read_guest_page+0xb6/0x130 [ 2323.286818][T22651] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2323.293144][T22651] kvm_fetch_guest_virt+0xef/0x130 [ 2323.299961][T22651] ? emulator_write_std+0x1a0/0x1a0 [ 2323.305395][T22651] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2323.311310][T22651] x86_decode_insn+0x182/0x2b70 [ 2323.317932][T22651] ? vmx_cache_reg+0xca/0x330 [ 2323.322982][T22651] ? init_decode_cache+0x48/0x50 [ 2323.329143][T22651] ? init_emulate_ctxt+0x247/0x280 [ 2323.336211][T22651] x86_emulate_instruction+0x21d/0x2a80 [ 2323.344320][T22651] kvm_mmu_page_fault+0x315/0x3c0 [ 2323.349349][T22651] handle_ept_violation+0x277/0x350 [ 2323.354690][T22651] ? handle_desc+0x60/0x60 [ 2323.359086][T22651] vmx_handle_exit+0x2fd/0x7e0 [ 2323.363883][T22651] vcpu_enter_guest+0x19f6/0x24f0 [ 2323.369027][T22651] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2323.374797][T22651] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2323.379980][T22651] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2323.384896][T22651] vcpu_run+0x24e/0x690 [ 2323.389066][T22651] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2323.394574][T22651] kvm_vcpu_ioctl+0x562/0x8f0 [ 2323.399253][T22651] ? tomoyo_file_ioctl+0x1c/0x20 [ 2323.404277][T22651] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2323.410203][T22651] __se_sys_ioctl+0xcb/0x140 [ 2323.414788][T22651] __x64_sys_ioctl+0x3f/0x50 [ 2323.419369][T22651] do_syscall_64+0x39/0x80 [ 2323.423827][T22651] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2323.429806][T22651] RIP: 0033:0x45e149 [ 2323.433690][T22651] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2323.453383][T22651] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2323.461795][T22651] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) 20:59:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda", 0x1c}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2323.469747][T22651] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2323.477710][T22651] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2323.485704][T22651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000036 [ 2323.493818][T22651] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:31 executing program 1 (fault-call:16 fault-nth:55): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2323.608892][T22664] FAULT_INJECTION: forcing a failure. [ 2323.608892][T22664] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2323.625714][T22664] CPU: 0 PID: 22664 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2323.634148][T22664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2323.644226][T22664] Call Trace: [ 2323.647595][T22664] dump_stack+0x116/0x15d [ 2323.651922][T22664] should_fail+0x231/0x240 [ 2323.657308][T22664] should_fail_usercopy+0x16/0x20 [ 2323.664866][T22664] __kvm_read_guest_page+0xb6/0x130 [ 2323.670166][T22664] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2323.675773][T22664] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2323.681237][T22664] kvm_vcpu_read_guest+0x89/0x110 [ 2323.686334][T22664] read_emulate+0x27/0x40 [ 2323.691327][T22664] emulator_read_write_onepage+0x164/0x490 [ 2323.697274][T22664] emulator_read_write+0x173/0x310 [ 2323.704994][T22664] emulator_read_emulated+0x37/0x40 [ 2323.710215][T22664] x86_emulate_insn+0x81c/0x2fc0 [ 2323.715206][T22664] x86_emulate_instruction+0x75f/0x2a80 [ 2323.721776][T22664] kvm_mmu_page_fault+0x315/0x3c0 [ 2323.729393][T22664] handle_ept_violation+0x277/0x350 [ 2323.734716][T22664] ? handle_desc+0x60/0x60 [ 2323.742419][T22664] vmx_handle_exit+0x2fd/0x7e0 [ 2323.747212][T22664] vcpu_enter_guest+0x19f6/0x24f0 [ 2323.753302][T22664] ? irqentry_exit+0x2a/0x40 [ 2323.758206][T22664] ? __tsan_read8+0x15a/0x180 [ 2323.764392][T22664] vcpu_run+0x24e/0x690 [ 2323.771124][T22664] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2323.779022][T22664] kvm_vcpu_ioctl+0x562/0x8f0 [ 2323.786723][T22664] ? tomoyo_file_ioctl+0x1c/0x20 [ 2323.791894][T22664] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2323.800279][T22664] __se_sys_ioctl+0xcb/0x140 [ 2323.805690][T22664] __x64_sys_ioctl+0x3f/0x50 [ 2323.812000][T22664] do_syscall_64+0x39/0x80 [ 2323.817850][T22664] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2323.823743][T22664] RIP: 0033:0x45e149 [ 2323.827647][T22664] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2323.847238][T22664] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2323.855650][T22664] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2323.863609][T22664] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2323.871560][T22664] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2323.879575][T22664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000037 [ 2323.887522][T22664] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:31 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:31 executing program 1 (fault-call:16 fault-nth:56): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2324.031178][T22676] FAULT_INJECTION: forcing a failure. [ 2324.031178][T22676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2324.044500][T22676] CPU: 1 PID: 22676 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2324.053021][T22676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.063056][T22676] Call Trace: [ 2324.066517][T22676] dump_stack+0x116/0x15d [ 2324.070842][T22676] should_fail+0x231/0x240 [ 2324.075246][T22676] should_fail_usercopy+0x16/0x20 [ 2324.080287][T22676] __kvm_write_guest_page+0xda/0x220 [ 2324.085686][T22676] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2324.091501][T22676] kvm_vcpu_write_guest+0x89/0x110 [ 2324.096602][T22676] write_emulate+0x2c/0x70 [ 2324.101036][T22676] emulator_read_write_onepage+0x164/0x490 [ 2324.106829][T22676] emulator_read_write+0x173/0x310 [ 2324.111932][T22676] emulator_write_emulated+0x37/0x40 [ 2324.117310][T22676] writeback+0x3d4/0x540 [ 2324.121703][T22676] x86_emulate_insn+0x1787/0x2fc0 [ 2324.126717][T22676] ? em_salc+0x8/0x8 [ 2324.130611][T22676] x86_emulate_instruction+0x75f/0x2a80 [ 2324.136208][T22676] kvm_mmu_page_fault+0x315/0x3c0 [ 2324.141231][T22676] handle_ept_violation+0x277/0x350 [ 2324.146523][T22676] ? handle_desc+0x60/0x60 [ 2324.151010][T22676] vmx_handle_exit+0x2fd/0x7e0 [ 2324.155777][T22676] vcpu_enter_guest+0x19f6/0x24f0 [ 2324.160836][T22676] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2324.166477][T22676] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2324.171814][T22676] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2324.176745][T22676] vcpu_run+0x24e/0x690 [ 2324.180881][T22676] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2324.186324][T22676] kvm_vcpu_ioctl+0x562/0x8f0 [ 2324.190986][T22676] ? tomoyo_file_ioctl+0x1c/0x20 [ 2324.196044][T22676] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2324.201936][T22676] __se_sys_ioctl+0xcb/0x140 [ 2324.206539][T22676] __x64_sys_ioctl+0x3f/0x50 [ 2324.211176][T22676] do_syscall_64+0x39/0x80 [ 2324.215579][T22676] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2324.221470][T22676] RIP: 0033:0x45e149 [ 2324.225349][T22676] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.245032][T22676] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2324.253425][T22676] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2324.261380][T22676] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2324.269349][T22676] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:31 executing program 1 (fault-call:16 fault-nth:57): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2324.277323][T22676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000038 [ 2324.285722][T22676] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2324.378783][T22685] FAULT_INJECTION: forcing a failure. [ 2324.378783][T22685] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2324.394766][T22685] CPU: 0 PID: 22685 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2324.403367][T22685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.413940][T22685] Call Trace: [ 2324.417732][T22685] dump_stack+0x116/0x15d [ 2324.422730][T22685] should_fail+0x231/0x240 [ 2324.427881][T22685] should_fail_usercopy+0x16/0x20 [ 2324.433282][T22685] __kvm_read_guest_page+0xb6/0x130 [ 2324.441462][T22685] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2324.448449][T22685] kvm_fetch_guest_virt+0xef/0x130 [ 2324.453834][T22685] ? emulator_write_std+0x1a0/0x1a0 [ 2324.460736][T22685] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2324.469221][T22685] x86_decode_insn+0x182/0x2b70 [ 2324.474353][T22685] ? vmx_cache_reg+0xca/0x330 [ 2324.479296][T22685] ? init_decode_cache+0x48/0x50 [ 2324.484487][T22685] ? init_emulate_ctxt+0x247/0x280 [ 2324.489863][T22685] x86_emulate_instruction+0x21d/0x2a80 [ 2324.496224][T22685] kvm_mmu_page_fault+0x315/0x3c0 [ 2324.501448][T22685] handle_ept_violation+0x277/0x350 [ 2324.509157][T22685] ? handle_desc+0x60/0x60 [ 2324.514340][T22685] vmx_handle_exit+0x2fd/0x7e0 [ 2324.519658][T22685] vcpu_enter_guest+0x19f6/0x24f0 [ 2324.524852][T22685] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2324.530560][T22685] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2324.538575][T22685] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2324.545132][T22685] vcpu_run+0x24e/0x690 [ 2324.550951][T22685] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2324.558213][T22685] kvm_vcpu_ioctl+0x562/0x8f0 [ 2324.564526][T22685] ? tomoyo_file_ioctl+0x1c/0x20 [ 2324.569720][T22685] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2324.577257][T22685] __se_sys_ioctl+0xcb/0x140 [ 2324.581937][T22685] __x64_sys_ioctl+0x3f/0x50 [ 2324.586605][T22685] do_syscall_64+0x39/0x80 [ 2324.591100][T22685] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2324.596979][T22685] RIP: 0033:0x45e149 [ 2324.600864][T22685] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.620519][T22685] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:32 executing program 1 (fault-call:16 fault-nth:58): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2324.628911][T22685] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2324.636942][T22685] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2324.644906][T22685] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2324.652885][T22685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000039 [ 2324.660863][T22685] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2324.747140][T22692] FAULT_INJECTION: forcing a failure. [ 2324.747140][T22692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2324.760578][T22692] CPU: 1 PID: 22692 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2324.769233][T22692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2324.779294][T22692] Call Trace: [ 2324.782565][T22692] dump_stack+0x116/0x15d [ 2324.786895][T22692] should_fail+0x231/0x240 [ 2324.791294][T22692] should_fail_usercopy+0x16/0x20 [ 2324.796335][T22692] __kvm_read_guest_page+0xb6/0x130 [ 2324.801527][T22692] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2324.807111][T22692] kvm_fetch_guest_virt+0xef/0x130 [ 2324.812388][T22692] ? emulator_write_std+0x1a0/0x1a0 [ 2324.817626][T22692] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2324.823028][T22692] x86_decode_insn+0x182/0x2b70 [ 2324.827894][T22692] ? vmx_cache_reg+0xca/0x330 [ 2324.832625][T22692] ? init_decode_cache+0x48/0x50 [ 2324.837548][T22692] ? init_emulate_ctxt+0x247/0x280 [ 2324.842653][T22692] x86_emulate_instruction+0x21d/0x2a80 [ 2324.848279][T22692] kvm_mmu_page_fault+0x315/0x3c0 [ 2324.853295][T22692] handle_ept_violation+0x277/0x350 [ 2324.858548][T22692] ? handle_desc+0x60/0x60 [ 2324.862971][T22692] vmx_handle_exit+0x2fd/0x7e0 [ 2324.867732][T22692] vcpu_enter_guest+0x19f6/0x24f0 [ 2324.872775][T22692] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2324.878454][T22692] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2324.883646][T22692] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2324.888632][T22692] vcpu_run+0x24e/0x690 [ 2324.892915][T22692] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2324.898495][T22692] kvm_vcpu_ioctl+0x562/0x8f0 [ 2324.903296][T22692] ? tomoyo_file_ioctl+0x1c/0x20 [ 2324.908296][T22692] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2324.914287][T22692] __se_sys_ioctl+0xcb/0x140 [ 2324.919474][T22692] __x64_sys_ioctl+0x3f/0x50 [ 2324.924062][T22692] do_syscall_64+0x39/0x80 [ 2324.928562][T22692] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2324.934485][T22692] RIP: 0033:0x45e149 [ 2324.938362][T22692] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2324.958063][T22692] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2324.967203][T22692] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2324.975256][T22692] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2324.983219][T22692] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:32 executing program 1 (fault-call:16 fault-nth:59): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2324.991177][T22692] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003a [ 2324.999131][T22692] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2325.115038][T22699] FAULT_INJECTION: forcing a failure. [ 2325.115038][T22699] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2325.131306][T22699] CPU: 0 PID: 22699 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2325.140184][T22699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.151874][T22699] Call Trace: [ 2325.155568][T22699] dump_stack+0x116/0x15d [ 2325.160823][T22699] should_fail+0x231/0x240 [ 2325.167093][T22699] should_fail_usercopy+0x16/0x20 [ 2325.173260][T22699] __kvm_read_guest_page+0xb6/0x130 [ 2325.178972][T22699] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2325.184618][T22699] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2325.191180][T22699] kvm_vcpu_read_guest+0x89/0x110 [ 2325.196780][T22699] read_emulate+0x27/0x40 [ 2325.202256][T22699] emulator_read_write_onepage+0x164/0x490 [ 2325.208715][T22699] emulator_read_write+0x173/0x310 [ 2325.213920][T22699] emulator_read_emulated+0x37/0x40 [ 2325.219515][T22699] x86_emulate_insn+0x81c/0x2fc0 [ 2325.224756][T22699] x86_emulate_instruction+0x75f/0x2a80 [ 2325.231838][T22699] kvm_mmu_page_fault+0x315/0x3c0 [ 2325.237902][T22699] handle_ept_violation+0x277/0x350 [ 2325.244448][T22699] ? handle_desc+0x60/0x60 [ 2325.249381][T22699] vmx_handle_exit+0x2fd/0x7e0 [ 2325.254853][T22699] vcpu_enter_guest+0x19f6/0x24f0 [ 2325.260217][T22699] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2325.268453][T22699] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2325.273665][T22699] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2325.278785][T22699] vcpu_run+0x24e/0x690 [ 2325.283913][T22699] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2325.290506][T22699] kvm_vcpu_ioctl+0x562/0x8f0 [ 2325.296763][T22699] ? tomoyo_file_ioctl+0x1c/0x20 [ 2325.301731][T22699] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2325.307611][T22699] __se_sys_ioctl+0xcb/0x140 [ 2325.312434][T22699] __x64_sys_ioctl+0x3f/0x50 [ 2325.317009][T22699] do_syscall_64+0x39/0x80 [ 2325.321473][T22699] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2325.327359][T22699] RIP: 0033:0x45e149 [ 2325.331333][T22699] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2325.350925][T22699] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:33 executing program 1 (fault-call:16 fault-nth:60): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2325.359359][T22699] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2325.367318][T22699] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2325.375276][T22699] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2325.383236][T22699] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003b [ 2325.391240][T22699] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2325.490290][T22706] FAULT_INJECTION: forcing a failure. [ 2325.490290][T22706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2325.505336][T22706] CPU: 0 PID: 22706 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2325.513844][T22706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.523905][T22706] Call Trace: [ 2325.527183][T22706] dump_stack+0x116/0x15d [ 2325.531512][T22706] should_fail+0x231/0x240 [ 2325.535957][T22706] should_fail_usercopy+0x16/0x20 [ 2325.540961][T22706] __kvm_write_guest_page+0xda/0x220 [ 2325.546263][T22706] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2325.551900][T22706] kvm_vcpu_write_guest+0x89/0x110 [ 2325.557015][T22706] write_emulate+0x2c/0x70 [ 2325.561422][T22706] emulator_read_write_onepage+0x164/0x490 [ 2325.567214][T22706] emulator_read_write+0x173/0x310 [ 2325.572319][T22706] emulator_write_emulated+0x37/0x40 [ 2325.577617][T22706] writeback+0x3d4/0x540 [ 2325.581878][T22706] x86_emulate_insn+0x1787/0x2fc0 [ 2325.586975][T22706] ? em_salc+0x8/0x8 [ 2325.590952][T22706] x86_emulate_instruction+0x75f/0x2a80 [ 2325.596502][T22706] kvm_mmu_page_fault+0x315/0x3c0 [ 2325.601678][T22706] handle_ept_violation+0x277/0x350 [ 2325.606866][T22706] ? handle_desc+0x60/0x60 [ 2325.611321][T22706] vmx_handle_exit+0x2fd/0x7e0 [ 2325.616066][T22706] vcpu_enter_guest+0x19f6/0x24f0 [ 2325.621092][T22706] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2325.626742][T22706] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2325.631989][T22706] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2325.636997][T22706] vcpu_run+0x24e/0x690 [ 2325.641215][T22706] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2325.646718][T22706] kvm_vcpu_ioctl+0x562/0x8f0 [ 2325.651407][T22706] ? tomoyo_file_ioctl+0x1c/0x20 [ 2325.656348][T22706] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2325.662243][T22706] __se_sys_ioctl+0xcb/0x140 [ 2325.666831][T22706] __x64_sys_ioctl+0x3f/0x50 [ 2325.671453][T22706] do_syscall_64+0x39/0x80 [ 2325.675857][T22706] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2325.681734][T22706] RIP: 0033:0x45e149 [ 2325.685615][T22706] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2325.705432][T22706] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2325.713843][T22706] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2325.721796][T22706] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2325.729750][T22706] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2325.737820][T22706] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003c [ 2325.745816][T22706] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:33 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x600, 0x0) 20:59:33 executing program 1 (fault-call:16 fault-nth:61): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2325.928659][T22714] FAULT_INJECTION: forcing a failure. [ 2325.928659][T22714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2325.945208][T22714] CPU: 1 PID: 22714 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2325.953708][T22714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2325.963767][T22714] Call Trace: [ 2325.967038][T22714] dump_stack+0x116/0x15d [ 2325.971733][T22714] should_fail+0x231/0x240 [ 2325.976155][T22714] should_fail_usercopy+0x16/0x20 [ 2325.981183][T22714] __kvm_read_guest_page+0xb6/0x130 [ 2325.986578][T22714] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2325.992163][T22714] kvm_fetch_guest_virt+0xef/0x130 [ 2325.997469][T22714] ? emulator_write_std+0x1a0/0x1a0 [ 2326.002709][T22714] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2326.008157][T22714] x86_decode_insn+0x182/0x2b70 [ 2326.013095][T22714] ? vmx_cache_reg+0xca/0x330 [ 2326.017865][T22714] ? init_decode_cache+0x48/0x50 [ 2326.022795][T22714] ? init_emulate_ctxt+0x247/0x280 [ 2326.027944][T22714] x86_emulate_instruction+0x21d/0x2a80 [ 2326.033638][T22714] kvm_mmu_page_fault+0x315/0x3c0 [ 2326.038666][T22714] handle_ept_violation+0x277/0x350 [ 2326.044087][T22714] ? handle_desc+0x60/0x60 [ 2326.048684][T22714] vmx_handle_exit+0x2fd/0x7e0 [ 2326.053461][T22714] vcpu_enter_guest+0x19f6/0x24f0 [ 2326.058479][T22714] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2326.064114][T22714] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2326.069573][T22714] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2326.074628][T22714] vcpu_run+0x24e/0x690 [ 2326.078764][T22714] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2326.084255][T22714] kvm_vcpu_ioctl+0x562/0x8f0 [ 2326.088970][T22714] ? tomoyo_file_ioctl+0x1c/0x20 [ 2326.093958][T22714] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2326.100016][T22714] __se_sys_ioctl+0xcb/0x140 [ 2326.104811][T22714] __x64_sys_ioctl+0x3f/0x50 [ 2326.109446][T22714] do_syscall_64+0x39/0x80 [ 2326.113847][T22714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2326.119753][T22714] RIP: 0033:0x45e149 [ 2326.123628][T22714] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2326.143215][T22714] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2326.151627][T22714] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2326.159642][T22714] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2326.167689][T22714] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2326.175735][T22714] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003d [ 2326.183793][T22714] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:34 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:34 executing program 1 (fault-call:16 fault-nth:62): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246", 0x2a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) [ 2326.635837][T22734] FAULT_INJECTION: forcing a failure. [ 2326.635837][T22734] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2326.649451][T22734] CPU: 1 PID: 22734 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2326.657876][T22734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2326.667942][T22734] Call Trace: [ 2326.671243][T22734] dump_stack+0x116/0x15d [ 2326.675575][T22734] should_fail+0x231/0x240 [ 2326.680007][T22734] should_fail_usercopy+0x16/0x20 [ 2326.685281][T22734] __kvm_read_guest_page+0xb6/0x130 [ 2326.690470][T22734] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2326.696285][T22734] kvm_fetch_guest_virt+0xef/0x130 [ 2326.701409][T22734] ? emulator_write_std+0x1a0/0x1a0 [ 2326.706609][T22734] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2326.711897][T22734] x86_decode_insn+0x182/0x2b70 [ 2326.716949][T22734] ? vmx_cache_reg+0xca/0x330 [ 2326.721620][T22734] ? init_decode_cache+0x48/0x50 [ 2326.726554][T22734] ? init_emulate_ctxt+0x247/0x280 [ 2326.731663][T22734] x86_emulate_instruction+0x21d/0x2a80 [ 2326.737210][T22734] kvm_mmu_page_fault+0x315/0x3c0 [ 2326.742274][T22734] handle_ept_violation+0x277/0x350 [ 2326.747520][T22734] ? handle_desc+0x60/0x60 [ 2326.751959][T22734] vmx_handle_exit+0x2fd/0x7e0 [ 2326.756715][T22734] vcpu_enter_guest+0x19f6/0x24f0 [ 2326.761745][T22734] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2326.767361][T22734] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2326.772542][T22734] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2326.777562][T22734] vcpu_run+0x24e/0x690 [ 2326.781696][T22734] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2326.787181][T22734] kvm_vcpu_ioctl+0x562/0x8f0 [ 2326.791834][T22734] ? tomoyo_file_ioctl+0x1c/0x20 [ 2326.796798][T22734] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2326.802756][T22734] __se_sys_ioctl+0xcb/0x140 [ 2326.807337][T22734] __x64_sys_ioctl+0x3f/0x50 [ 2326.811912][T22734] do_syscall_64+0x39/0x80 [ 2326.816314][T22734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2326.822195][T22734] RIP: 0033:0x45e149 [ 2326.826119][T22734] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2326.845715][T22734] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2326.854286][T22734] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2326.862404][T22734] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2326.870434][T22734] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2326.878416][T22734] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003e [ 2326.886364][T22734] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:34 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:34 executing program 1 (fault-call:16 fault-nth:63): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2327.051828][T22746] FAULT_INJECTION: forcing a failure. [ 2327.051828][T22746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2327.065074][T22746] CPU: 0 PID: 22746 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2327.073494][T22746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.083537][T22746] Call Trace: [ 2327.086816][T22746] dump_stack+0x116/0x15d [ 2327.091130][T22746] should_fail+0x231/0x240 [ 2327.095611][T22746] should_fail_usercopy+0x16/0x20 [ 2327.100654][T22746] __kvm_read_guest_page+0xb6/0x130 [ 2327.105840][T22746] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2327.111487][T22746] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2327.116931][T22746] kvm_vcpu_read_guest+0x89/0x110 [ 2327.121997][T22746] read_emulate+0x27/0x40 [ 2327.127093][T22746] emulator_read_write_onepage+0x164/0x490 [ 2327.132961][T22746] emulator_read_write+0x173/0x310 [ 2327.138058][T22746] emulator_read_emulated+0x37/0x40 [ 2327.143245][T22746] x86_emulate_insn+0x81c/0x2fc0 [ 2327.148179][T22746] x86_emulate_instruction+0x75f/0x2a80 [ 2327.153758][T22746] kvm_mmu_page_fault+0x315/0x3c0 [ 2327.158775][T22746] handle_ept_violation+0x277/0x350 [ 2327.164045][T22746] ? handle_desc+0x60/0x60 [ 2327.169018][T22746] vmx_handle_exit+0x2fd/0x7e0 [ 2327.174390][T22746] vcpu_enter_guest+0x19f6/0x24f0 [ 2327.179402][T22746] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2327.185016][T22746] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2327.190200][T22746] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2327.195149][T22746] vcpu_run+0x24e/0x690 [ 2327.199309][T22746] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2327.204855][T22746] kvm_vcpu_ioctl+0x562/0x8f0 [ 2327.209551][T22746] ? tomoyo_file_ioctl+0x1c/0x20 [ 2327.214491][T22746] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2327.220378][T22746] __se_sys_ioctl+0xcb/0x140 [ 2327.224952][T22746] __x64_sys_ioctl+0x3f/0x50 [ 2327.229599][T22746] do_syscall_64+0x39/0x80 [ 2327.234013][T22746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2327.239913][T22746] RIP: 0033:0x45e149 [ 2327.243791][T22746] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2327.263532][T22746] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2327.272180][T22746] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2327.280180][T22746] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2327.288147][T22746] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:34 executing program 1 (fault-call:16 fault-nth:64): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2327.296103][T22746] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000003f [ 2327.304075][T22746] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2327.406047][T22756] FAULT_INJECTION: forcing a failure. [ 2327.406047][T22756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2327.420135][T22756] CPU: 1 PID: 22756 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2327.430941][T22756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.441650][T22756] Call Trace: [ 2327.446858][T22756] dump_stack+0x116/0x15d [ 2327.452002][T22756] should_fail+0x231/0x240 [ 2327.458362][T22756] should_fail_usercopy+0x16/0x20 [ 2327.464658][T22756] __kvm_write_guest_page+0xda/0x220 [ 2327.472292][T22756] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2327.478909][T22756] kvm_vcpu_write_guest+0x89/0x110 [ 2327.484329][T22756] write_emulate+0x2c/0x70 [ 2327.490557][T22756] emulator_read_write_onepage+0x164/0x490 [ 2327.499066][T22756] emulator_read_write+0x173/0x310 [ 2327.505469][T22756] emulator_write_emulated+0x37/0x40 [ 2327.511827][T22756] writeback+0x3d4/0x540 [ 2327.517004][T22756] x86_emulate_insn+0x1787/0x2fc0 [ 2327.524592][T22756] ? em_salc+0x8/0x8 [ 2327.529606][T22756] x86_emulate_instruction+0x75f/0x2a80 [ 2327.537365][T22756] kvm_mmu_page_fault+0x315/0x3c0 [ 2327.543726][T22756] handle_ept_violation+0x277/0x350 [ 2327.548970][T22756] ? handle_desc+0x60/0x60 [ 2327.553368][T22756] vmx_handle_exit+0x2fd/0x7e0 [ 2327.558124][T22756] vcpu_enter_guest+0x19f6/0x24f0 [ 2327.563379][T22756] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2327.569109][T22756] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2327.574296][T22756] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2327.579221][T22756] vcpu_run+0x24e/0x690 [ 2327.583358][T22756] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2327.588819][T22756] kvm_vcpu_ioctl+0x562/0x8f0 [ 2327.593475][T22756] ? tomoyo_file_ioctl+0x1c/0x20 [ 2327.598401][T22756] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2327.604377][T22756] __se_sys_ioctl+0xcb/0x140 [ 2327.608959][T22756] __x64_sys_ioctl+0x3f/0x50 [ 2327.613560][T22756] do_syscall_64+0x39/0x80 [ 2327.618030][T22756] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2327.623919][T22756] RIP: 0033:0x45e149 [ 2327.627803][T22756] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2327.647506][T22756] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:35 executing program 1 (fault-call:16 fault-nth:65): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2327.655919][T22756] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2327.663903][T22756] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2327.672028][T22756] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2327.680207][T22756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040 [ 2327.688165][T22756] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2327.781049][T22763] FAULT_INJECTION: forcing a failure. [ 2327.781049][T22763] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2327.806457][T22763] CPU: 0 PID: 22763 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2327.814909][T22763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2327.825072][T22763] Call Trace: [ 2327.828348][T22763] dump_stack+0x116/0x15d [ 2327.833023][T22763] should_fail+0x231/0x240 [ 2327.837576][T22763] should_fail_usercopy+0x16/0x20 [ 2327.842718][T22763] __kvm_read_guest_page+0xb6/0x130 [ 2327.848028][T22763] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2327.853589][T22763] kvm_fetch_guest_virt+0xef/0x130 [ 2327.858705][T22763] ? emulator_write_std+0x1a0/0x1a0 [ 2327.863985][T22763] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2327.869436][T22763] x86_decode_insn+0x182/0x2b70 [ 2327.874281][T22763] ? vmx_cache_reg+0xca/0x330 [ 2327.878952][T22763] ? init_decode_cache+0x48/0x50 [ 2327.883889][T22763] ? init_emulate_ctxt+0x247/0x280 [ 2327.889027][T22763] x86_emulate_instruction+0x21d/0x2a80 [ 2327.894578][T22763] kvm_mmu_page_fault+0x315/0x3c0 [ 2327.899614][T22763] handle_ept_violation+0x277/0x350 [ 2327.904894][T22763] ? handle_desc+0x60/0x60 [ 2327.909405][T22763] vmx_handle_exit+0x2fd/0x7e0 [ 2327.914234][T22763] vcpu_enter_guest+0x19f6/0x24f0 [ 2327.919326][T22763] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2327.924940][T22763] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2327.930121][T22763] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2327.935117][T22763] vcpu_run+0x24e/0x690 [ 2327.939259][T22763] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2327.944780][T22763] kvm_vcpu_ioctl+0x562/0x8f0 [ 2327.949493][T22763] ? tomoyo_file_ioctl+0x1c/0x20 [ 2327.954530][T22763] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2327.960434][T22763] __se_sys_ioctl+0xcb/0x140 [ 2327.965009][T22763] __x64_sys_ioctl+0x3f/0x50 [ 2327.969659][T22763] do_syscall_64+0x39/0x80 [ 2327.974080][T22763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2327.979972][T22763] RIP: 0033:0x45e149 [ 2327.983853][T22763] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2328.003559][T22763] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2328.011952][T22763] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2328.019909][T22763] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 20:59:35 executing program 1 (fault-call:16 fault-nth:66): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2328.027875][T22763] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2328.035829][T22763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000041 [ 2328.043846][T22763] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2328.134212][T22770] FAULT_INJECTION: forcing a failure. [ 2328.134212][T22770] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.152026][T22770] CPU: 1 PID: 22770 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2328.162081][T22770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.173453][T22770] Call Trace: [ 2328.178563][T22770] dump_stack+0x116/0x15d [ 2328.184702][T22770] should_fail+0x231/0x240 [ 2328.190939][T22770] should_fail_usercopy+0x16/0x20 [ 2328.197422][T22770] __kvm_read_guest_page+0xb6/0x130 [ 2328.202945][T22770] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2328.209879][T22770] kvm_fetch_guest_virt+0xef/0x130 [ 2328.216581][T22770] ? emulator_write_std+0x1a0/0x1a0 [ 2328.223288][T22770] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2328.229851][T22770] x86_decode_insn+0x182/0x2b70 [ 2328.234809][T22770] ? vmx_cache_reg+0xca/0x330 [ 2328.241098][T22770] ? init_decode_cache+0x48/0x50 [ 2328.248614][T22770] ? init_emulate_ctxt+0x247/0x280 [ 2328.255197][T22770] x86_emulate_instruction+0x21d/0x2a80 [ 2328.261981][T22770] kvm_mmu_page_fault+0x315/0x3c0 [ 2328.267062][T22770] handle_ept_violation+0x277/0x350 [ 2328.274830][T22770] ? handle_desc+0x60/0x60 [ 2328.279244][T22770] vmx_handle_exit+0x2fd/0x7e0 [ 2328.283991][T22770] vcpu_enter_guest+0x19f6/0x24f0 [ 2328.288999][T22770] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2328.294676][T22770] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2328.299980][T22770] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2328.304924][T22770] vcpu_run+0x24e/0x690 [ 2328.309071][T22770] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2328.314505][T22770] kvm_vcpu_ioctl+0x562/0x8f0 [ 2328.319302][T22770] ? tomoyo_file_ioctl+0x1c/0x20 [ 2328.324234][T22770] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2328.330111][T22770] __se_sys_ioctl+0xcb/0x140 [ 2328.334821][T22770] __x64_sys_ioctl+0x3f/0x50 [ 2328.339457][T22770] do_syscall_64+0x39/0x80 [ 2328.343928][T22770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2328.349809][T22770] RIP: 0033:0x45e149 [ 2328.353724][T22770] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2328.373318][T22770] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:36 executing program 1 (fault-call:16 fault-nth:67): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2328.381811][T22770] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2328.389777][T22770] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2328.397740][T22770] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2328.405725][T22770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000042 [ 2328.413743][T22770] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2328.492096][T22777] FAULT_INJECTION: forcing a failure. [ 2328.492096][T22777] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.507384][T22777] CPU: 0 PID: 22777 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2328.517489][T22777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.529006][T22777] Call Trace: [ 2328.532758][T22777] dump_stack+0x116/0x15d [ 2328.537106][T22777] should_fail+0x231/0x240 [ 2328.542408][T22777] should_fail_usercopy+0x16/0x20 [ 2328.548043][T22777] __kvm_read_guest_page+0xb6/0x130 [ 2328.553561][T22777] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2328.559651][T22777] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2328.565850][T22777] kvm_vcpu_read_guest+0x89/0x110 [ 2328.571324][T22777] read_emulate+0x27/0x40 [ 2328.576619][T22777] emulator_read_write_onepage+0x164/0x490 [ 2328.582566][T22777] emulator_read_write+0x173/0x310 [ 2328.587714][T22777] emulator_read_emulated+0x37/0x40 [ 2328.593082][T22777] x86_emulate_insn+0x81c/0x2fc0 [ 2328.598090][T22777] x86_emulate_instruction+0x75f/0x2a80 [ 2328.603627][T22777] kvm_mmu_page_fault+0x315/0x3c0 [ 2328.608783][T22777] handle_ept_violation+0x277/0x350 [ 2328.613974][T22777] ? handle_desc+0x60/0x60 [ 2328.618569][T22777] vmx_handle_exit+0x2fd/0x7e0 [ 2328.623378][T22777] vcpu_enter_guest+0x19f6/0x24f0 [ 2328.628392][T22777] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2328.634024][T22777] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2328.639234][T22777] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2328.644209][T22777] vcpu_run+0x24e/0x690 [ 2328.648466][T22777] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2328.654009][T22777] kvm_vcpu_ioctl+0x562/0x8f0 [ 2328.658687][T22777] ? tomoyo_file_ioctl+0x1c/0x20 [ 2328.663674][T22777] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2328.669688][T22777] __se_sys_ioctl+0xcb/0x140 [ 2328.674394][T22777] __x64_sys_ioctl+0x3f/0x50 [ 2328.678972][T22777] do_syscall_64+0x39/0x80 [ 2328.683563][T22777] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2328.689521][T22777] RIP: 0033:0x45e149 [ 2328.693472][T22777] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2328.713064][T22777] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2328.721533][T22777] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2328.729612][T22777] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2328.737596][T22777] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2328.745563][T22777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000043 [ 2328.753628][T22777] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:36 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xc00, 0x0) 20:59:36 executing program 1 (fault-call:16 fault-nth:68): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2328.942349][T22785] FAULT_INJECTION: forcing a failure. [ 2328.942349][T22785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.957521][T22785] CPU: 1 PID: 22785 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2328.966803][T22785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2328.976889][T22785] Call Trace: [ 2328.980210][T22785] dump_stack+0x116/0x15d [ 2328.984752][T22785] should_fail+0x231/0x240 [ 2328.989252][T22785] should_fail_usercopy+0x16/0x20 [ 2328.994256][T22785] __kvm_write_guest_page+0xda/0x220 [ 2328.999522][T22785] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2329.005245][T22785] kvm_vcpu_write_guest+0x89/0x110 [ 2329.010505][T22785] write_emulate+0x2c/0x70 [ 2329.014918][T22785] emulator_read_write_onepage+0x164/0x490 [ 2329.020720][T22785] emulator_read_write+0x173/0x310 [ 2329.025851][T22785] emulator_write_emulated+0x37/0x40 [ 2329.031120][T22785] writeback+0x3d4/0x540 [ 2329.035409][T22785] x86_emulate_insn+0x1787/0x2fc0 [ 2329.040424][T22785] ? em_salc+0x8/0x8 [ 2329.044295][T22785] x86_emulate_instruction+0x75f/0x2a80 [ 2329.049826][T22785] kvm_mmu_page_fault+0x315/0x3c0 [ 2329.054834][T22785] handle_ept_violation+0x277/0x350 [ 2329.060023][T22785] ? handle_desc+0x60/0x60 [ 2329.064429][T22785] vmx_handle_exit+0x2fd/0x7e0 [ 2329.069171][T22785] vcpu_enter_guest+0x19f6/0x24f0 [ 2329.074191][T22785] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2329.079930][T22785] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2329.085271][T22785] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2329.090295][T22785] vcpu_run+0x24e/0x690 [ 2329.094508][T22785] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2329.099985][T22785] kvm_vcpu_ioctl+0x562/0x8f0 [ 2329.104679][T22785] ? tomoyo_file_ioctl+0x1c/0x20 [ 2329.109751][T22785] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2329.115678][T22785] __se_sys_ioctl+0xcb/0x140 [ 2329.120360][T22785] __x64_sys_ioctl+0x3f/0x50 [ 2329.124956][T22785] do_syscall_64+0x39/0x80 [ 2329.129465][T22785] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2329.135687][T22785] RIP: 0033:0x45e149 [ 2329.139597][T22785] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2329.160162][T22785] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2329.168556][T22785] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2329.176607][T22785] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2329.184570][T22785] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2329.192531][T22785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000044 [ 2329.200488][T22785] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:37 executing program 1 (fault-call:16 fault-nth:69): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246", 0x2a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) [ 2329.662682][T22800] FAULT_INJECTION: forcing a failure. [ 2329.662682][T22800] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2329.676354][T22800] CPU: 0 PID: 22800 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2329.684955][T22800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2329.695010][T22800] Call Trace: [ 2329.698347][T22800] dump_stack+0x116/0x15d [ 2329.702688][T22800] should_fail+0x231/0x240 [ 2329.707113][T22800] should_fail_usercopy+0x16/0x20 [ 2329.712147][T22800] __kvm_read_guest_page+0xb6/0x130 [ 2329.717386][T22800] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2329.723002][T22800] kvm_fetch_guest_virt+0xef/0x130 [ 2329.728202][T22800] ? emulator_write_std+0x1a0/0x1a0 [ 2329.733425][T22800] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2329.738792][T22800] x86_decode_insn+0x182/0x2b70 [ 2329.743872][T22800] ? vmx_cache_reg+0xca/0x330 [ 2329.748555][T22800] ? init_decode_cache+0x48/0x50 [ 2329.753496][T22800] ? init_emulate_ctxt+0x247/0x280 [ 2329.758664][T22800] x86_emulate_instruction+0x21d/0x2a80 [ 2329.764243][T22800] kvm_mmu_page_fault+0x315/0x3c0 [ 2329.769366][T22800] handle_ept_violation+0x277/0x350 [ 2329.774684][T22800] ? handle_desc+0x60/0x60 [ 2329.779099][T22800] vmx_handle_exit+0x2fd/0x7e0 [ 2329.784055][T22800] vcpu_enter_guest+0x19f6/0x24f0 [ 2329.789151][T22800] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2329.794813][T22800] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2329.800014][T22800] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2329.804968][T22800] vcpu_run+0x24e/0x690 [ 2329.809222][T22800] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2329.814685][T22800] kvm_vcpu_ioctl+0x562/0x8f0 [ 2329.819368][T22800] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2329.825280][T22800] __se_sys_ioctl+0xcb/0x140 [ 2329.829888][T22800] __x64_sys_ioctl+0x3f/0x50 [ 2329.834560][T22800] do_syscall_64+0x39/0x80 [ 2329.839024][T22800] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2329.844975][T22800] RIP: 0033:0x45e149 [ 2329.848866][T22800] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2329.868496][T22800] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2329.876909][T22800] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2329.885234][T22800] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2329.893274][T22800] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2329.901237][T22800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000045 [ 2329.909211][T22800] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:37 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246", 0x2a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:37 executing program 1 (fault-call:16 fault-nth:70): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2330.100512][T22831] FAULT_INJECTION: forcing a failure. [ 2330.100512][T22831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2330.114889][T22831] CPU: 0 PID: 22831 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2330.123659][T22831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2330.133741][T22831] Call Trace: [ 2330.137011][T22831] dump_stack+0x116/0x15d [ 2330.141331][T22831] should_fail+0x231/0x240 [ 2330.145752][T22831] should_fail_usercopy+0x16/0x20 [ 2330.150783][T22831] __kvm_read_guest_page+0xb6/0x130 [ 2330.155977][T22831] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2330.161579][T22831] kvm_fetch_guest_virt+0xef/0x130 [ 2330.166679][T22831] ? emulator_write_std+0x1a0/0x1a0 [ 2330.171875][T22831] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2330.177173][T22831] x86_decode_insn+0x182/0x2b70 [ 2330.182030][T22831] ? vmx_cache_reg+0xca/0x330 [ 2330.186695][T22831] ? init_decode_cache+0x48/0x50 [ 2330.191700][T22831] ? init_emulate_ctxt+0x247/0x280 [ 2330.197006][T22831] x86_emulate_instruction+0x21d/0x2a80 [ 2330.202595][T22831] kvm_mmu_page_fault+0x315/0x3c0 [ 2330.207702][T22831] handle_ept_violation+0x277/0x350 [ 2330.212919][T22831] ? handle_desc+0x60/0x60 [ 2330.217330][T22831] vmx_handle_exit+0x2fd/0x7e0 [ 2330.222091][T22831] vcpu_enter_guest+0x19f6/0x24f0 [ 2330.227125][T22831] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2330.232788][T22831] ? prandom_u32_state+0x9/0x80 [ 2330.237626][T22831] vcpu_run+0x24e/0x690 [ 2330.241854][T22831] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2330.247295][T22831] kvm_vcpu_ioctl+0x562/0x8f0 [ 2330.252124][T22831] ? tomoyo_file_ioctl+0x1c/0x20 [ 2330.257194][T22831] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2330.263276][T22831] __se_sys_ioctl+0xcb/0x140 [ 2330.267872][T22831] __x64_sys_ioctl+0x3f/0x50 [ 2330.272456][T22831] do_syscall_64+0x39/0x80 [ 2330.276910][T22831] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2330.282811][T22831] RIP: 0033:0x45e149 [ 2330.286697][T22831] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2330.306405][T22831] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2330.315408][T22831] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2330.324690][T22831] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2330.332673][T22831] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2330.340657][T22831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000046 20:59:38 executing program 1 (fault-call:16 fault-nth:71): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2330.348618][T22831] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2330.472985][T22838] FAULT_INJECTION: forcing a failure. [ 2330.472985][T22838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2330.493941][T22838] CPU: 1 PID: 22838 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2330.505343][T22838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2330.517079][T22838] Call Trace: [ 2330.521883][T22838] dump_stack+0x116/0x15d [ 2330.527985][T22838] should_fail+0x231/0x240 [ 2330.533141][T22838] should_fail_usercopy+0x16/0x20 [ 2330.538265][T22838] __kvm_read_guest_page+0xb6/0x130 [ 2330.544798][T22838] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2330.551038][T22838] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2330.556624][T22838] kvm_vcpu_read_guest+0x89/0x110 [ 2330.563261][T22838] read_emulate+0x27/0x40 [ 2330.567678][T22838] emulator_read_write_onepage+0x164/0x490 [ 2330.573664][T22838] emulator_read_write+0x173/0x310 [ 2330.579491][T22838] emulator_read_emulated+0x37/0x40 [ 2330.585180][T22838] x86_emulate_insn+0x81c/0x2fc0 [ 2330.590113][T22838] x86_emulate_instruction+0x75f/0x2a80 [ 2330.595761][T22838] kvm_mmu_page_fault+0x315/0x3c0 [ 2330.600772][T22838] handle_ept_violation+0x277/0x350 [ 2330.606110][T22838] ? handle_desc+0x60/0x60 [ 2330.610603][T22838] vmx_handle_exit+0x2fd/0x7e0 [ 2330.615400][T22838] vcpu_enter_guest+0x19f6/0x24f0 [ 2330.621380][T22838] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2330.627022][T22838] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2330.633047][T22838] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2330.638188][T22838] vcpu_run+0x24e/0x690 [ 2330.642435][T22838] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2330.647871][T22838] kvm_vcpu_ioctl+0x562/0x8f0 [ 2330.652887][T22838] ? tomoyo_file_ioctl+0x1c/0x20 [ 2330.657849][T22838] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2330.663738][T22838] __se_sys_ioctl+0xcb/0x140 [ 2330.668311][T22838] __x64_sys_ioctl+0x3f/0x50 [ 2330.672908][T22838] do_syscall_64+0x39/0x80 [ 2330.677351][T22838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2330.683488][T22838] RIP: 0033:0x45e149 [ 2330.687474][T22838] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2330.707145][T22838] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2330.715692][T22838] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:38 executing program 1 (fault-call:16 fault-nth:72): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2330.723647][T22838] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2330.731599][T22838] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2330.739548][T22838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000047 [ 2330.747498][T22838] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2330.855370][T22845] FAULT_INJECTION: forcing a failure. [ 2330.855370][T22845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2330.871949][T22845] CPU: 1 PID: 22845 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2330.881785][T22845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2330.893027][T22845] Call Trace: [ 2330.896450][T22845] dump_stack+0x116/0x15d [ 2330.902994][T22845] should_fail+0x231/0x240 [ 2330.910607][T22845] should_fail_usercopy+0x16/0x20 [ 2330.917083][T22845] __kvm_write_guest_page+0xda/0x220 [ 2330.922573][T22845] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2330.928194][T22845] kvm_vcpu_write_guest+0x89/0x110 [ 2330.933435][T22845] write_emulate+0x2c/0x70 [ 2330.937866][T22845] emulator_read_write_onepage+0x164/0x490 [ 2330.943653][T22845] emulator_read_write+0x173/0x310 [ 2330.948773][T22845] emulator_write_emulated+0x37/0x40 [ 2330.954675][T22845] writeback+0x3d4/0x540 [ 2330.959065][T22845] x86_emulate_insn+0x1787/0x2fc0 [ 2330.964516][T22845] ? em_salc+0x8/0x8 [ 2330.968395][T22845] x86_emulate_instruction+0x75f/0x2a80 [ 2330.973985][T22845] kvm_mmu_page_fault+0x315/0x3c0 [ 2330.979132][T22845] handle_ept_violation+0x277/0x350 [ 2330.984338][T22845] ? handle_desc+0x60/0x60 [ 2330.988806][T22845] vmx_handle_exit+0x2fd/0x7e0 [ 2330.993552][T22845] vcpu_enter_guest+0x19f6/0x24f0 [ 2330.998576][T22845] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2331.004231][T22845] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2331.009688][T22845] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2331.014629][T22845] vcpu_run+0x24e/0x690 [ 2331.018792][T22845] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2331.024316][T22845] kvm_vcpu_ioctl+0x562/0x8f0 [ 2331.028990][T22845] ? tomoyo_file_ioctl+0x1c/0x20 [ 2331.033925][T22845] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2331.039867][T22845] __se_sys_ioctl+0xcb/0x140 [ 2331.044507][T22845] __x64_sys_ioctl+0x3f/0x50 [ 2331.049211][T22845] do_syscall_64+0x39/0x80 [ 2331.053752][T22845] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2331.059729][T22845] RIP: 0033:0x45e149 [ 2331.063608][T22845] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2331.083451][T22845] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2331.091865][T22845] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2331.099852][T22845] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2331.108028][T22845] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2331.116566][T22845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000048 [ 2331.124526][T22845] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1200, 0x0) 20:59:39 executing program 1 (fault-call:16 fault-nth:73): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2331.960779][T22855] FAULT_INJECTION: forcing a failure. [ 2331.960779][T22855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2331.974070][T22855] CPU: 1 PID: 22855 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2331.982504][T22855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2331.992636][T22855] Call Trace: [ 2331.995916][T22855] dump_stack+0x116/0x15d [ 2332.000257][T22855] should_fail+0x231/0x240 [ 2332.004723][T22855] should_fail_usercopy+0x16/0x20 [ 2332.009758][T22855] __kvm_read_guest_page+0xb6/0x130 [ 2332.014984][T22855] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2332.020541][T22855] kvm_fetch_guest_virt+0xef/0x130 [ 2332.025667][T22855] ? emulator_write_std+0x1a0/0x1a0 [ 2332.030969][T22855] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2332.036242][T22855] x86_decode_insn+0x182/0x2b70 [ 2332.041147][T22855] ? vmx_cache_reg+0xca/0x330 [ 2332.045955][T22855] ? init_decode_cache+0x48/0x50 [ 2332.051091][T22855] ? init_emulate_ctxt+0x247/0x280 [ 2332.056225][T22855] x86_emulate_instruction+0x21d/0x2a80 [ 2332.061769][T22855] kvm_mmu_page_fault+0x315/0x3c0 [ 2332.066788][T22855] handle_ept_violation+0x277/0x350 [ 2332.071984][T22855] ? handle_desc+0x60/0x60 [ 2332.076401][T22855] vmx_handle_exit+0x2fd/0x7e0 [ 2332.081491][T22855] vcpu_enter_guest+0x19f6/0x24f0 [ 2332.086512][T22855] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2332.092175][T22855] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2332.097359][T22855] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2332.102396][T22855] vcpu_run+0x24e/0x690 [ 2332.106536][T22855] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2332.112542][T22855] kvm_vcpu_ioctl+0x562/0x8f0 [ 2332.117440][T22855] ? tomoyo_file_ioctl+0x1c/0x20 [ 2332.122366][T22855] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2332.128246][T22855] __se_sys_ioctl+0xcb/0x140 [ 2332.132915][T22855] __x64_sys_ioctl+0x3f/0x50 [ 2332.137611][T22855] do_syscall_64+0x39/0x80 [ 2332.142044][T22855] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2332.147953][T22855] RIP: 0033:0x45e149 [ 2332.151836][T22855] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2332.171628][T22855] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2332.180172][T22855] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2332.188152][T22855] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2332.196224][T22855] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:39 executing program 1 (fault-call:16 fault-nth:74): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2332.204201][T22855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000049 [ 2332.212255][T22855] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2332.291018][T22867] FAULT_INJECTION: forcing a failure. [ 2332.291018][T22867] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2332.306414][T22867] CPU: 1 PID: 22867 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2332.316234][T22867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2332.326771][T22867] Call Trace: [ 2332.330053][T22867] dump_stack+0x116/0x15d [ 2332.334828][T22867] should_fail+0x231/0x240 [ 2332.339459][T22867] should_fail_usercopy+0x16/0x20 [ 2332.344876][T22867] __kvm_read_guest_page+0xb6/0x130 [ 2332.351405][T22867] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2332.356999][T22867] kvm_fetch_guest_virt+0xef/0x130 [ 2332.363642][T22867] ? emulator_write_std+0x1a0/0x1a0 [ 2332.370225][T22867] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2332.375559][T22867] x86_decode_insn+0x182/0x2b70 [ 2332.380853][T22867] ? vmx_cache_reg+0xca/0x330 [ 2332.386272][T22867] ? init_decode_cache+0x48/0x50 [ 2332.391721][T22867] ? init_emulate_ctxt+0x247/0x280 [ 2332.397012][T22867] x86_emulate_instruction+0x21d/0x2a80 [ 2332.403944][T22867] kvm_mmu_page_fault+0x315/0x3c0 [ 2332.410192][T22867] handle_ept_violation+0x277/0x350 [ 2332.416998][T22867] ? handle_desc+0x60/0x60 [ 2332.422028][T22867] vmx_handle_exit+0x2fd/0x7e0 [ 2332.427042][T22867] vcpu_enter_guest+0x19f6/0x24f0 [ 2332.432722][T22867] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2332.439950][T22867] ? prandom_u32_state+0x9/0x80 [ 2332.444909][T22867] vcpu_run+0x24e/0x690 [ 2332.449957][T22867] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2332.456436][T22867] kvm_vcpu_ioctl+0x562/0x8f0 [ 2332.461881][T22867] ? tomoyo_file_ioctl+0x1c/0x20 [ 2332.468520][T22867] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2332.475169][T22867] __se_sys_ioctl+0xcb/0x140 [ 2332.480259][T22867] __x64_sys_ioctl+0x3f/0x50 [ 2332.486776][T22867] do_syscall_64+0x39/0x80 [ 2332.491704][T22867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2332.497613][T22867] RIP: 0033:0x45e149 [ 2332.502712][T22867] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2332.522586][T22867] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2332.530996][T22867] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:40 executing program 1 (fault-call:16 fault-nth:75): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2332.538970][T22867] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2332.546929][T22867] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2332.555362][T22867] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004a [ 2332.564636][T22867] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) [ 2332.639477][T22874] FAULT_INJECTION: forcing a failure. [ 2332.639477][T22874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2332.653992][T22874] CPU: 0 PID: 22874 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2332.662682][T22874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2332.674147][T22874] Call Trace: [ 2332.677544][T22874] dump_stack+0x116/0x15d [ 2332.682038][T22874] should_fail+0x231/0x240 [ 2332.686586][T22874] should_fail_usercopy+0x16/0x20 [ 2332.691661][T22874] __kvm_read_guest_page+0xb6/0x130 [ 2332.697231][T22874] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2332.704019][T22874] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2332.710886][T22874] kvm_vcpu_read_guest+0x89/0x110 [ 2332.716097][T22874] read_emulate+0x27/0x40 [ 2332.720415][T22874] emulator_read_write_onepage+0x164/0x490 [ 2332.726290][T22874] emulator_read_write+0x173/0x310 [ 2332.731396][T22874] emulator_read_emulated+0x37/0x40 [ 2332.736642][T22874] x86_emulate_insn+0x81c/0x2fc0 [ 2332.741570][T22874] x86_emulate_instruction+0x75f/0x2a80 [ 2332.747265][T22874] kvm_mmu_page_fault+0x315/0x3c0 [ 2332.752285][T22874] handle_ept_violation+0x277/0x350 [ 2332.757496][T22874] ? handle_desc+0x60/0x60 [ 2332.764764][T22874] vmx_handle_exit+0x2fd/0x7e0 [ 2332.769724][T22874] vcpu_enter_guest+0x19f6/0x24f0 [ 2332.774797][T22874] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2332.780430][T22874] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2332.785635][T22874] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2332.790579][T22874] vcpu_run+0x24e/0x690 [ 2332.794729][T22874] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2332.800180][T22874] kvm_vcpu_ioctl+0x562/0x8f0 [ 2332.805116][T22874] ? tomoyo_file_ioctl+0x1c/0x20 [ 2332.810103][T22874] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2332.815998][T22874] __se_sys_ioctl+0xcb/0x140 [ 2332.820610][T22874] __x64_sys_ioctl+0x3f/0x50 [ 2332.825222][T22874] do_syscall_64+0x39/0x80 [ 2332.829657][T22874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2332.835553][T22874] RIP: 0033:0x45e149 [ 2332.839450][T22874] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2332.859126][T22874] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2332.867525][T22874] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2332.875656][T22874] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 20:59:40 executing program 1 (fault-call:16 fault-nth:76): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2332.883627][T22874] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2332.891599][T22874] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004b [ 2332.900104][T22874] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2332.992547][T22884] FAULT_INJECTION: forcing a failure. [ 2332.992547][T22884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2333.007826][T22884] CPU: 1 PID: 22884 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2333.017875][T22884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2333.029132][T22884] Call Trace: [ 2333.034020][T22884] dump_stack+0x116/0x15d [ 2333.038637][T22884] should_fail+0x231/0x240 [ 2333.045089][T22884] should_fail_usercopy+0x16/0x20 [ 2333.052554][T22884] __kvm_write_guest_page+0xda/0x220 [ 2333.058942][T22884] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2333.065358][T22884] kvm_vcpu_write_guest+0x89/0x110 [ 2333.072001][T22884] write_emulate+0x2c/0x70 [ 2333.076909][T22884] emulator_read_write_onepage+0x164/0x490 [ 2333.084506][T22884] emulator_read_write+0x173/0x310 [ 2333.090720][T22884] emulator_write_emulated+0x37/0x40 [ 2333.096150][T22884] writeback+0x3d4/0x540 [ 2333.102564][T22884] x86_emulate_insn+0x1787/0x2fc0 [ 2333.110396][T22884] ? em_salc+0x8/0x8 [ 2333.115630][T22884] x86_emulate_instruction+0x75f/0x2a80 [ 2333.123454][T22884] kvm_mmu_page_fault+0x315/0x3c0 [ 2333.128649][T22884] handle_ept_violation+0x277/0x350 [ 2333.136292][T22884] ? handle_desc+0x60/0x60 [ 2333.141467][T22884] vmx_handle_exit+0x2fd/0x7e0 [ 2333.147682][T22884] vcpu_enter_guest+0x19f6/0x24f0 [ 2333.152694][T22884] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2333.158395][T22884] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2333.163697][T22884] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2333.168808][T22884] vcpu_run+0x24e/0x690 [ 2333.172974][T22884] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2333.178421][T22884] kvm_vcpu_ioctl+0x562/0x8f0 [ 2333.183412][T22884] ? tomoyo_file_ioctl+0x1c/0x20 [ 2333.188357][T22884] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2333.194232][T22884] __se_sys_ioctl+0xcb/0x140 [ 2333.198806][T22884] __x64_sys_ioctl+0x3f/0x50 [ 2333.203394][T22884] do_syscall_64+0x39/0x80 [ 2333.208050][T22884] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2333.214687][T22884] RIP: 0033:0x45e149 [ 2333.218624][T22884] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2333.238287][T22884] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2333.246761][T22884] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2333.255598][T22884] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2333.263812][T22884] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2333.275959][T22884] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004c [ 2333.283935][T22884] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:40 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) 20:59:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c", 0x31}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:40 executing program 1 (fault-call:16 fault-nth:77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2333.454165][T22899] FAULT_INJECTION: forcing a failure. [ 2333.454165][T22899] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2333.469012][T22899] CPU: 1 PID: 22899 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2333.477577][T22899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2333.487671][T22899] Call Trace: [ 2333.491329][T22899] dump_stack+0x116/0x15d [ 2333.495666][T22899] should_fail+0x231/0x240 [ 2333.500147][T22899] should_fail_usercopy+0x16/0x20 [ 2333.505200][T22899] __kvm_read_guest_page+0xb6/0x130 [ 2333.510573][T22899] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2333.516227][T22899] kvm_fetch_guest_virt+0xef/0x130 [ 2333.521410][T22899] ? emulator_write_std+0x1a0/0x1a0 [ 2333.526684][T22899] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2333.531956][T22899] x86_decode_insn+0x182/0x2b70 [ 2333.536838][T22899] ? vmx_cache_reg+0xca/0x330 [ 2333.541602][T22899] ? init_decode_cache+0x48/0x50 [ 2333.546583][T22899] ? init_emulate_ctxt+0x247/0x280 [ 2333.551841][T22899] x86_emulate_instruction+0x21d/0x2a80 [ 2333.557547][T22899] kvm_mmu_page_fault+0x315/0x3c0 [ 2333.562633][T22899] handle_ept_violation+0x277/0x350 [ 2333.569132][T22899] ? handle_desc+0x60/0x60 [ 2333.573636][T22899] vmx_handle_exit+0x2fd/0x7e0 [ 2333.578772][T22899] vcpu_enter_guest+0x19f6/0x24f0 [ 2333.584005][T22899] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2333.589638][T22899] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2333.594892][T22899] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2333.599828][T22899] vcpu_run+0x24e/0x690 [ 2333.604017][T22899] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2333.609583][T22899] kvm_vcpu_ioctl+0x562/0x8f0 [ 2333.614320][T22899] ? tomoyo_file_ioctl+0x1c/0x20 [ 2333.619264][T22899] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2333.625139][T22899] __se_sys_ioctl+0xcb/0x140 [ 2333.629825][T22899] __x64_sys_ioctl+0x3f/0x50 [ 2333.634463][T22899] do_syscall_64+0x39/0x80 [ 2333.638894][T22899] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2333.644834][T22899] RIP: 0033:0x45e149 [ 2333.648716][T22899] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2333.668396][T22899] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2333.676790][T22899] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2333.684749][T22899] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2333.692701][T22899] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:41 executing program 1 (fault-call:16 fault-nth:78): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2333.700656][T22899] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004d [ 2333.708608][T22899] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2333.801640][T22908] FAULT_INJECTION: forcing a failure. [ 2333.801640][T22908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2333.815168][T22908] CPU: 1 PID: 22908 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2333.823587][T22908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2333.834187][T22908] Call Trace: [ 2333.838635][T22908] dump_stack+0x116/0x15d [ 2333.843690][T22908] should_fail+0x231/0x240 [ 2333.849890][T22908] should_fail_usercopy+0x16/0x20 [ 2333.856324][T22908] __kvm_read_guest_page+0xb6/0x130 [ 2333.863033][T22908] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2333.869527][T22908] kvm_fetch_guest_virt+0xef/0x130 [ 2333.876964][T22908] ? emulator_write_std+0x1a0/0x1a0 [ 2333.883412][T22908] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2333.890137][T22908] x86_decode_insn+0x182/0x2b70 [ 2333.895154][T22908] ? vmx_cache_reg+0xca/0x330 [ 2333.902466][T22908] ? init_decode_cache+0x48/0x50 [ 2333.908748][T22908] ? init_emulate_ctxt+0x247/0x280 [ 2333.915554][T22908] x86_emulate_instruction+0x21d/0x2a80 [ 2333.921824][T22908] kvm_mmu_page_fault+0x315/0x3c0 [ 2333.927180][T22908] handle_ept_violation+0x277/0x350 [ 2333.933975][T22908] ? preempt_schedule+0x54/0x80 [ 2333.941417][T22908] ? handle_desc+0x60/0x60 [ 2333.946464][T22908] vmx_handle_exit+0x2fd/0x7e0 [ 2333.951725][T22908] vcpu_enter_guest+0x19f6/0x24f0 [ 2333.956778][T22908] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2333.962392][T22908] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2333.967646][T22908] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2333.972580][T22908] vcpu_run+0x24e/0x690 [ 2333.977187][T22908] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2333.982626][T22908] kvm_vcpu_ioctl+0x562/0x8f0 [ 2333.987364][T22908] ? tomoyo_file_ioctl+0x1c/0x20 [ 2333.992287][T22908] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2333.998179][T22908] __se_sys_ioctl+0xcb/0x140 [ 2334.002817][T22908] __x64_sys_ioctl+0x3f/0x50 [ 2334.007399][T22908] do_syscall_64+0x39/0x80 [ 2334.011819][T22908] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2334.017813][T22908] RIP: 0033:0x45e149 [ 2334.021686][T22908] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2334.041296][T22908] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:59:41 executing program 1 (fault-call:16 fault-nth:79): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2334.049704][T22908] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2334.057660][T22908] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2334.065666][T22908] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2334.073645][T22908] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004e [ 2334.081612][T22908] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2334.165298][T22915] FAULT_INJECTION: forcing a failure. [ 2334.165298][T22915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2334.182626][T22915] CPU: 1 PID: 22915 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2334.192531][T22915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2334.202576][T22915] Call Trace: [ 2334.205868][T22915] dump_stack+0x116/0x15d [ 2334.210248][T22915] should_fail+0x231/0x240 [ 2334.214813][T22915] should_fail_usercopy+0x16/0x20 [ 2334.219877][T22915] __kvm_read_guest_page+0xb6/0x130 [ 2334.225066][T22915] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2334.230633][T22915] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2334.236147][T22915] kvm_vcpu_read_guest+0x89/0x110 [ 2334.241155][T22915] read_emulate+0x27/0x40 [ 2334.245469][T22915] emulator_read_write_onepage+0x164/0x490 [ 2334.251268][T22915] emulator_read_write+0x173/0x310 [ 2334.256362][T22915] emulator_read_emulated+0x37/0x40 [ 2334.261571][T22915] x86_emulate_insn+0x81c/0x2fc0 [ 2334.266499][T22915] x86_emulate_instruction+0x75f/0x2a80 [ 2334.272134][T22915] kvm_mmu_page_fault+0x315/0x3c0 [ 2334.277139][T22915] handle_ept_violation+0x277/0x350 [ 2334.282328][T22915] ? handle_desc+0x60/0x60 [ 2334.286722][T22915] vmx_handle_exit+0x2fd/0x7e0 [ 2334.291499][T22915] vcpu_enter_guest+0x19f6/0x24f0 [ 2334.296514][T22915] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2334.302126][T22915] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2334.307303][T22915] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2334.312287][T22915] vcpu_run+0x24e/0x690 [ 2334.316600][T22915] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2334.322051][T22915] kvm_vcpu_ioctl+0x562/0x8f0 [ 2334.326880][T22915] ? tomoyo_file_ioctl+0x1c/0x20 [ 2334.331808][T22915] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2334.337680][T22915] __se_sys_ioctl+0xcb/0x140 [ 2334.342271][T22915] __x64_sys_ioctl+0x3f/0x50 [ 2334.346869][T22915] do_syscall_64+0x39/0x80 [ 2334.351297][T22915] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2334.357211][T22915] RIP: 0033:0x45e149 [ 2334.361098][T22915] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2334.381002][T22915] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2334.389395][T22915] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2334.397436][T22915] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2334.405482][T22915] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2334.413436][T22915] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000004f [ 2334.421398][T22915] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1800, 0x0) 20:59:42 executing program 1 (fault-call:16 fault-nth:80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2334.966237][T22922] FAULT_INJECTION: forcing a failure. [ 2334.966237][T22922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2334.982372][T22922] CPU: 0 PID: 22922 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2334.990813][T22922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.001209][T22922] Call Trace: [ 2335.004486][T22922] dump_stack+0x116/0x15d [ 2335.008820][T22922] should_fail+0x231/0x240 [ 2335.013241][T22922] should_fail_usercopy+0x16/0x20 [ 2335.018260][T22922] __kvm_write_guest_page+0xda/0x220 [ 2335.023560][T22922] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2335.029206][T22922] kvm_vcpu_write_guest+0x89/0x110 [ 2335.034391][T22922] write_emulate+0x2c/0x70 [ 2335.038831][T22922] emulator_read_write_onepage+0x164/0x490 [ 2335.044717][T22922] emulator_read_write+0x173/0x310 [ 2335.049870][T22922] emulator_write_emulated+0x37/0x40 [ 2335.055205][T22922] writeback+0x3d4/0x540 [ 2335.059431][T22922] x86_emulate_insn+0x1787/0x2fc0 [ 2335.064448][T22922] ? em_salc+0x8/0x8 [ 2335.068399][T22922] x86_emulate_instruction+0x75f/0x2a80 [ 2335.073931][T22922] kvm_mmu_page_fault+0x315/0x3c0 [ 2335.078983][T22922] handle_ept_violation+0x277/0x350 [ 2335.084168][T22922] ? handle_desc+0x60/0x60 [ 2335.088591][T22922] vmx_handle_exit+0x2fd/0x7e0 [ 2335.093432][T22922] vcpu_enter_guest+0x19f6/0x24f0 [ 2335.098508][T22922] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2335.104213][T22922] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2335.109409][T22922] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2335.114330][T22922] vcpu_run+0x24e/0x690 [ 2335.118464][T22922] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2335.123904][T22922] kvm_vcpu_ioctl+0x562/0x8f0 [ 2335.128586][T22922] ? tomoyo_file_ioctl+0x1c/0x20 [ 2335.133520][T22922] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2335.139428][T22922] __se_sys_ioctl+0xcb/0x140 [ 2335.144016][T22922] __x64_sys_ioctl+0x3f/0x50 [ 2335.148644][T22922] do_syscall_64+0x39/0x80 [ 2335.153124][T22922] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2335.159018][T22922] RIP: 0033:0x45e149 [ 2335.162909][T22922] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2335.182652][T22922] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2335.191067][T22922] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2335.199036][T22922] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2335.207092][T22922] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:42 executing program 1 (fault-call:16 fault-nth:81): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2335.215043][T22922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000050 [ 2335.222997][T22922] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2335.335125][T22937] FAULT_INJECTION: forcing a failure. [ 2335.335125][T22937] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2335.350962][T22937] CPU: 1 PID: 22937 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2335.360350][T22937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.372750][T22937] Call Trace: [ 2335.376144][T22937] dump_stack+0x116/0x15d [ 2335.382499][T22937] should_fail+0x231/0x240 [ 2335.388480][T22937] should_fail_usercopy+0x16/0x20 [ 2335.396004][T22937] __kvm_read_guest_page+0xb6/0x130 [ 2335.402145][T22937] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2335.408440][T22937] kvm_fetch_guest_virt+0xef/0x130 [ 2335.413600][T22937] ? emulator_write_std+0x1a0/0x1a0 [ 2335.420933][T22937] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2335.427224][T22937] x86_decode_insn+0x182/0x2b70 [ 2335.433307][T22937] ? vmx_cache_reg+0xca/0x330 [ 2335.438134][T22937] ? init_decode_cache+0x48/0x50 [ 2335.445207][T22937] ? init_emulate_ctxt+0x247/0x280 [ 2335.450328][T22937] x86_emulate_instruction+0x21d/0x2a80 [ 2335.455877][T22937] kvm_mmu_page_fault+0x315/0x3c0 [ 2335.460887][T22937] handle_ept_violation+0x277/0x350 [ 2335.466081][T22937] ? handle_desc+0x60/0x60 [ 2335.470517][T22937] vmx_handle_exit+0x2fd/0x7e0 [ 2335.475261][T22937] vcpu_enter_guest+0x19f6/0x24f0 [ 2335.480268][T22937] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2335.485954][T22937] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2335.491141][T22937] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2335.496122][T22937] vcpu_run+0x24e/0x690 [ 2335.500318][T22937] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2335.505833][T22937] kvm_vcpu_ioctl+0x562/0x8f0 [ 2335.510511][T22937] ? tomoyo_file_ioctl+0x1c/0x20 [ 2335.515505][T22937] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2335.521375][T22937] __se_sys_ioctl+0xcb/0x140 [ 2335.525942][T22937] __x64_sys_ioctl+0x3f/0x50 [ 2335.530591][T22937] do_syscall_64+0x39/0x80 [ 2335.534997][T22937] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2335.540871][T22937] RIP: 0033:0x45e149 [ 2335.544795][T22937] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2335.564376][T22937] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2335.572771][T22937] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:43 executing program 1 (fault-call:16 fault-nth:82): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2335.580750][T22937] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2335.588708][T22937] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2335.596669][T22937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000051 [ 2335.604627][T22937] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2335.677536][T22944] FAULT_INJECTION: forcing a failure. [ 2335.677536][T22944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2335.692506][T22944] CPU: 0 PID: 22944 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2335.701991][T22944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2335.712823][T22944] Call Trace: [ 2335.716591][T22944] dump_stack+0x116/0x15d [ 2335.721788][T22944] should_fail+0x231/0x240 [ 2335.727597][T22944] should_fail_usercopy+0x16/0x20 [ 2335.732636][T22944] __kvm_read_guest_page+0xb6/0x130 [ 2335.738014][T22944] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2335.745144][T22944] kvm_fetch_guest_virt+0xef/0x130 [ 2335.751589][T22944] ? emulator_write_std+0x1a0/0x1a0 [ 2335.757226][T22944] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2335.762540][T22944] x86_decode_insn+0x182/0x2b70 [ 2335.767989][T22944] ? vmx_cache_reg+0xca/0x330 [ 2335.772908][T22944] ? init_decode_cache+0x48/0x50 [ 2335.778226][T22944] ? init_emulate_ctxt+0x247/0x280 [ 2335.783349][T22944] x86_emulate_instruction+0x21d/0x2a80 [ 2335.789872][T22944] kvm_mmu_page_fault+0x315/0x3c0 [ 2335.796263][T22944] handle_ept_violation+0x277/0x350 [ 2335.801515][T22944] ? handle_desc+0x60/0x60 [ 2335.806458][T22944] vmx_handle_exit+0x2fd/0x7e0 [ 2335.811557][T22944] vcpu_enter_guest+0x19f6/0x24f0 [ 2335.816697][T22944] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2335.822407][T22944] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2335.827609][T22944] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2335.832695][T22944] vcpu_run+0x24e/0x690 [ 2335.836860][T22944] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2335.842323][T22944] kvm_vcpu_ioctl+0x562/0x8f0 [ 2335.847025][T22944] ? tomoyo_file_ioctl+0x1c/0x20 [ 2335.851983][T22944] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2335.858060][T22944] __se_sys_ioctl+0xcb/0x140 [ 2335.862658][T22944] __x64_sys_ioctl+0x3f/0x50 [ 2335.867246][T22944] do_syscall_64+0x39/0x80 [ 2335.871712][T22944] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2335.877606][T22944] RIP: 0033:0x45e149 [ 2335.881496][T22944] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2335.901102][T22944] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2335.909508][T22944] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2335.917505][T22944] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 20:59:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) [ 2335.925460][T22944] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2335.933410][T22944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000052 [ 2335.941362][T22944] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:43 executing program 1 (fault-call:16 fault-nth:83): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2336.032069][T22954] FAULT_INJECTION: forcing a failure. [ 2336.032069][T22954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2336.048585][T22954] CPU: 0 PID: 22954 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2336.059549][T22954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2336.069604][T22954] Call Trace: [ 2336.072869][T22954] dump_stack+0x116/0x15d [ 2336.077187][T22954] should_fail+0x231/0x240 [ 2336.081592][T22954] should_fail_usercopy+0x16/0x20 [ 2336.086720][T22954] __kvm_read_guest_page+0xb6/0x130 [ 2336.091930][T22954] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2336.097484][T22954] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2336.102928][T22954] kvm_vcpu_read_guest+0x89/0x110 [ 2336.108002][T22954] read_emulate+0x27/0x40 [ 2336.112319][T22954] emulator_read_write_onepage+0x164/0x490 [ 2336.118114][T22954] emulator_read_write+0x173/0x310 [ 2336.123214][T22954] emulator_read_emulated+0x37/0x40 [ 2336.128531][T22954] x86_emulate_insn+0x81c/0x2fc0 [ 2336.133466][T22954] x86_emulate_instruction+0x75f/0x2a80 [ 2336.139028][T22954] kvm_mmu_page_fault+0x315/0x3c0 [ 2336.144039][T22954] handle_ept_violation+0x277/0x350 [ 2336.149291][T22954] ? handle_desc+0x60/0x60 [ 2336.153797][T22954] vmx_handle_exit+0x2fd/0x7e0 [ 2336.158586][T22954] vcpu_enter_guest+0x19f6/0x24f0 [ 2336.163616][T22954] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2336.169277][T22954] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2336.174459][T22954] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2336.179547][T22954] vcpu_run+0x24e/0x690 [ 2336.183683][T22954] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2336.189126][T22954] kvm_vcpu_ioctl+0x562/0x8f0 [ 2336.193826][T22954] ? tomoyo_file_ioctl+0x1c/0x20 [ 2336.198823][T22954] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2336.204785][T22954] __se_sys_ioctl+0xcb/0x140 [ 2336.209440][T22954] __x64_sys_ioctl+0x3f/0x50 [ 2336.214013][T22954] do_syscall_64+0x39/0x80 [ 2336.218471][T22954] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2336.224453][T22954] RIP: 0033:0x45e149 [ 2336.228373][T22954] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2336.247985][T22954] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2336.256410][T22954] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2336.264442][T22954] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2336.272398][T22954] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2336.280357][T22954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000053 [ 2336.288539][T22954] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:44 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) 20:59:44 executing program 1 (fault-call:16 fault-nth:84): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c", 0x31}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2336.440152][T22961] FAULT_INJECTION: forcing a failure. [ 2336.440152][T22961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2336.482629][T22961] CPU: 0 PID: 22961 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2336.491075][T22961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2336.501397][T22961] Call Trace: [ 2336.504674][T22961] dump_stack+0x116/0x15d [ 2336.509009][T22961] should_fail+0x231/0x240 [ 2336.513477][T22961] should_fail_usercopy+0x16/0x20 [ 2336.518992][T22961] __kvm_write_guest_page+0xda/0x220 [ 2336.524432][T22961] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2336.531230][T22961] kvm_vcpu_write_guest+0x89/0x110 [ 2336.536425][T22961] write_emulate+0x2c/0x70 [ 2336.541730][T22961] emulator_read_write_onepage+0x164/0x490 [ 2336.548334][T22961] emulator_read_write+0x173/0x310 [ 2336.553725][T22961] emulator_write_emulated+0x37/0x40 [ 2336.559130][T22961] writeback+0x3d4/0x540 [ 2336.564511][T22961] x86_emulate_insn+0x1787/0x2fc0 [ 2336.569958][T22961] ? em_salc+0x8/0x8 [ 2336.573890][T22961] x86_emulate_instruction+0x75f/0x2a80 [ 2336.580873][T22961] kvm_mmu_page_fault+0x315/0x3c0 [ 2336.586610][T22961] handle_ept_violation+0x277/0x350 [ 2336.591870][T22961] ? handle_desc+0x60/0x60 [ 2336.597229][T22961] vmx_handle_exit+0x2fd/0x7e0 [ 2336.602505][T22961] vcpu_enter_guest+0x19f6/0x24f0 [ 2336.608328][T22961] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2336.615216][T22961] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2336.620469][T22961] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2336.625718][T22961] vcpu_run+0x24e/0x690 [ 2336.631026][T22961] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2336.636505][T22961] kvm_vcpu_ioctl+0x562/0x8f0 [ 2336.641260][T22961] ? tomoyo_file_ioctl+0x1c/0x20 [ 2336.646184][T22961] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2336.652131][T22961] __se_sys_ioctl+0xcb/0x140 [ 2336.656705][T22961] __x64_sys_ioctl+0x3f/0x50 [ 2336.661281][T22961] do_syscall_64+0x39/0x80 [ 2336.665794][T22961] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2336.671719][T22961] RIP: 0033:0x45e149 [ 2336.675661][T22961] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2336.695455][T22961] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2336.703935][T22961] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2336.711907][T22961] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2336.719863][T22961] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:44 executing program 1 (fault-call:16 fault-nth:85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2336.727837][T22961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000054 [ 2336.735787][T22961] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2336.811961][T22979] FAULT_INJECTION: forcing a failure. [ 2336.811961][T22979] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2336.826162][T22979] CPU: 1 PID: 22979 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2336.834593][T22979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2336.844719][T22979] Call Trace: [ 2336.848109][T22979] dump_stack+0x116/0x15d [ 2336.852477][T22979] should_fail+0x231/0x240 [ 2336.856872][T22979] should_fail_usercopy+0x16/0x20 [ 2336.861870][T22979] __kvm_read_guest_page+0xb6/0x130 [ 2336.867063][T22979] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2336.872591][T22979] kvm_fetch_guest_virt+0xef/0x130 [ 2336.877742][T22979] ? emulator_write_std+0x1a0/0x1a0 [ 2336.882950][T22979] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2336.888268][T22979] x86_decode_insn+0x182/0x2b70 [ 2336.893109][T22979] ? vmx_cache_reg+0xca/0x330 [ 2336.897765][T22979] ? init_decode_cache+0x48/0x50 [ 2336.902683][T22979] ? init_emulate_ctxt+0x247/0x280 [ 2336.907873][T22979] x86_emulate_instruction+0x21d/0x2a80 [ 2336.913488][T22979] kvm_mmu_page_fault+0x315/0x3c0 [ 2336.918502][T22979] handle_ept_violation+0x277/0x350 [ 2336.923684][T22979] ? handle_desc+0x60/0x60 [ 2336.928081][T22979] vmx_handle_exit+0x2fd/0x7e0 [ 2336.933336][T22979] vcpu_enter_guest+0x19f6/0x24f0 [ 2336.938456][T22979] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2336.944067][T22979] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2336.949244][T22979] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2336.954197][T22979] vcpu_run+0x24e/0x690 [ 2336.958382][T22979] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2336.964009][T22979] kvm_vcpu_ioctl+0x562/0x8f0 [ 2336.968677][T22979] ? tomoyo_file_ioctl+0x1c/0x20 [ 2336.973604][T22979] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2336.979488][T22979] __se_sys_ioctl+0xcb/0x140 [ 2336.984070][T22979] __x64_sys_ioctl+0x3f/0x50 [ 2336.988785][T22979] do_syscall_64+0x39/0x80 [ 2336.993191][T22979] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2336.999118][T22979] RIP: 0033:0x45e149 [ 2337.002997][T22979] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2337.022666][T22979] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2337.031146][T22979] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2337.039252][T22979] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2337.047231][T22979] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2337.055185][T22979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000055 20:59:44 executing program 1 (fault-call:16 fault-nth:86): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2337.063146][T22979] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2337.167690][T22986] FAULT_INJECTION: forcing a failure. [ 2337.167690][T22986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2337.187245][T22986] CPU: 1 PID: 22986 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2337.197717][T22986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2337.209268][T22986] Call Trace: [ 2337.212728][T22986] dump_stack+0x116/0x15d [ 2337.217341][T22986] should_fail+0x231/0x240 [ 2337.222149][T22986] should_fail_usercopy+0x16/0x20 [ 2337.228029][T22986] __kvm_read_guest_page+0xb6/0x130 [ 2337.236043][T22986] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2337.243246][T22986] kvm_fetch_guest_virt+0xef/0x130 [ 2337.249651][T22986] ? emulator_write_std+0x1a0/0x1a0 [ 2337.254854][T22986] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2337.260181][T22986] x86_decode_insn+0x182/0x2b70 [ 2337.265016][T22986] ? vmx_cache_reg+0xca/0x330 [ 2337.269687][T22986] ? init_decode_cache+0x48/0x50 [ 2337.274657][T22986] ? init_emulate_ctxt+0x247/0x280 [ 2337.279762][T22986] x86_emulate_instruction+0x21d/0x2a80 [ 2337.285289][T22986] kvm_mmu_page_fault+0x315/0x3c0 [ 2337.290385][T22986] handle_ept_violation+0x277/0x350 [ 2337.295657][T22986] ? handle_desc+0x60/0x60 [ 2337.300057][T22986] vmx_handle_exit+0x2fd/0x7e0 [ 2337.305001][T22986] vcpu_enter_guest+0x19f6/0x24f0 [ 2337.310093][T22986] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2337.315740][T22986] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2337.320998][T22986] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2337.325918][T22986] vcpu_run+0x24e/0x690 [ 2337.330054][T22986] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2337.335539][T22986] kvm_vcpu_ioctl+0x562/0x8f0 [ 2337.340194][T22986] ? tomoyo_file_ioctl+0x1c/0x20 [ 2337.345134][T22986] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2337.351211][T22986] __se_sys_ioctl+0xcb/0x140 [ 2337.355782][T22986] __x64_sys_ioctl+0x3f/0x50 [ 2337.360401][T22986] do_syscall_64+0x39/0x80 [ 2337.364821][T22986] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2337.370908][T22986] RIP: 0033:0x45e149 [ 2337.374830][T22986] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2337.394420][T22986] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2337.402864][T22986] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2337.410814][T22986] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2337.418764][T22986] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2337.426716][T22986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000056 [ 2337.434708][T22986] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1f00, 0x0) 20:59:45 executing program 1 (fault-call:16 fault-nth:87): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2338.014445][T22993] FAULT_INJECTION: forcing a failure. [ 2338.014445][T22993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2338.028068][T22993] CPU: 1 PID: 22993 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2338.036485][T22993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.046613][T22993] Call Trace: [ 2338.049894][T22993] dump_stack+0x116/0x15d [ 2338.054286][T22993] should_fail+0x231/0x240 [ 2338.058698][T22993] should_fail_usercopy+0x16/0x20 [ 2338.063840][T22993] __kvm_read_guest_page+0xb6/0x130 [ 2338.069241][T22993] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2338.074792][T22993] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2338.080291][T22993] kvm_vcpu_read_guest+0x89/0x110 [ 2338.085315][T22993] read_emulate+0x27/0x40 [ 2338.089650][T22993] emulator_read_write_onepage+0x164/0x490 [ 2338.095468][T22993] emulator_read_write+0x173/0x310 [ 2338.101016][T22993] emulator_read_emulated+0x37/0x40 [ 2338.106222][T22993] x86_emulate_insn+0x81c/0x2fc0 [ 2338.111157][T22993] x86_emulate_instruction+0x75f/0x2a80 [ 2338.116692][T22993] kvm_mmu_page_fault+0x315/0x3c0 [ 2338.121736][T22993] handle_ept_violation+0x277/0x350 [ 2338.126947][T22993] ? handle_desc+0x60/0x60 [ 2338.131390][T22993] vmx_handle_exit+0x2fd/0x7e0 [ 2338.136215][T22993] vcpu_enter_guest+0x19f6/0x24f0 [ 2338.141269][T22993] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2338.146925][T22993] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2338.152292][T22993] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2338.157303][T22993] vcpu_run+0x24e/0x690 [ 2338.161683][T22993] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2338.167133][T22993] kvm_vcpu_ioctl+0x562/0x8f0 [ 2338.171810][T22993] ? tomoyo_file_ioctl+0x1c/0x20 [ 2338.176747][T22993] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2338.182635][T22993] __se_sys_ioctl+0xcb/0x140 [ 2338.187281][T22993] __x64_sys_ioctl+0x3f/0x50 [ 2338.191854][T22993] do_syscall_64+0x39/0x80 [ 2338.196332][T22993] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2338.202205][T22993] RIP: 0033:0x45e149 [ 2338.206095][T22993] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2338.225774][T22993] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2338.234256][T22993] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2338.242434][T22993] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2338.250405][T22993] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:45 executing program 1 (fault-call:16 fault-nth:88): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2338.258384][T22993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000057 [ 2338.266405][T22993] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2338.349946][T23008] FAULT_INJECTION: forcing a failure. [ 2338.349946][T23008] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2338.363301][T23008] CPU: 0 PID: 23008 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2338.371732][T23008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.383416][T23008] Call Trace: [ 2338.386705][T23008] dump_stack+0x116/0x15d [ 2338.391039][T23008] should_fail+0x231/0x240 [ 2338.396819][T23008] should_fail_usercopy+0x16/0x20 [ 2338.402462][T23008] __kvm_write_guest_page+0xda/0x220 [ 2338.408909][T23008] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2338.414571][T23008] kvm_vcpu_write_guest+0x89/0x110 [ 2338.419842][T23008] write_emulate+0x2c/0x70 [ 2338.424333][T23008] emulator_read_write_onepage+0x164/0x490 [ 2338.431160][T23008] emulator_read_write+0x173/0x310 [ 2338.436967][T23008] emulator_write_emulated+0x37/0x40 [ 2338.442284][T23008] writeback+0x3d4/0x540 [ 2338.447349][T23008] x86_emulate_insn+0x1787/0x2fc0 [ 2338.452634][T23008] ? em_salc+0x8/0x8 [ 2338.457647][T23008] x86_emulate_instruction+0x75f/0x2a80 [ 2338.463376][T23008] kvm_mmu_page_fault+0x315/0x3c0 [ 2338.468458][T23008] handle_ept_violation+0x277/0x350 [ 2338.474082][T23008] ? handle_desc+0x60/0x60 [ 2338.479352][T23008] vmx_handle_exit+0x2fd/0x7e0 [ 2338.484143][T23008] vcpu_enter_guest+0x19f6/0x24f0 [ 2338.489904][T23008] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2338.496479][T23008] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2338.501846][T23008] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2338.508822][T23008] vcpu_run+0x24e/0x690 [ 2338.513895][T23008] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2338.520480][T23008] kvm_vcpu_ioctl+0x562/0x8f0 [ 2338.525578][T23008] ? tomoyo_file_ioctl+0x1c/0x20 [ 2338.530533][T23008] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2338.537514][T23008] __se_sys_ioctl+0xcb/0x140 [ 2338.543056][T23008] __x64_sys_ioctl+0x3f/0x50 [ 2338.548367][T23008] do_syscall_64+0x39/0x80 [ 2338.553152][T23008] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2338.560061][T23008] RIP: 0033:0x45e149 [ 2338.563984][T23008] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2338.583596][T23008] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2338.592603][T23008] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:46 executing program 1 (fault-call:16 fault-nth:89): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2338.601479][T23008] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2338.609909][T23008] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2338.618606][T23008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000058 [ 2338.626582][T23008] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2338.691968][T23015] FAULT_INJECTION: forcing a failure. [ 2338.691968][T23015] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2338.706496][T23015] CPU: 0 PID: 23015 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2338.714899][T23015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2338.725114][T23015] Call Trace: [ 2338.728385][T23015] dump_stack+0x116/0x15d [ 2338.732700][T23015] should_fail+0x231/0x240 [ 2338.737097][T23015] should_fail_usercopy+0x16/0x20 [ 2338.742146][T23015] __kvm_read_guest_page+0xb6/0x130 [ 2338.747362][T23015] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2338.752910][T23015] kvm_fetch_guest_virt+0xef/0x130 [ 2338.758120][T23015] ? emulator_write_std+0x1a0/0x1a0 [ 2338.763312][T23015] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2338.768789][T23015] x86_decode_insn+0x182/0x2b70 [ 2338.773652][T23015] ? vmx_cache_reg+0xca/0x330 [ 2338.778461][T23015] ? init_decode_cache+0x48/0x50 [ 2338.783388][T23015] ? init_emulate_ctxt+0x247/0x280 [ 2338.788526][T23015] x86_emulate_instruction+0x21d/0x2a80 [ 2338.794078][T23015] kvm_mmu_page_fault+0x315/0x3c0 [ 2338.799090][T23015] handle_ept_violation+0x277/0x350 [ 2338.804278][T23015] ? handle_desc+0x60/0x60 [ 2338.808672][T23015] vmx_handle_exit+0x2fd/0x7e0 [ 2338.813451][T23015] vcpu_enter_guest+0x19f6/0x24f0 [ 2338.818560][T23015] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2338.824237][T23015] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2338.829469][T23015] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2338.834424][T23015] vcpu_run+0x24e/0x690 [ 2338.838586][T23015] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2338.844147][T23015] kvm_vcpu_ioctl+0x562/0x8f0 [ 2338.848881][T23015] ? tomoyo_file_ioctl+0x1c/0x20 [ 2338.853837][T23015] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2338.859981][T23015] __se_sys_ioctl+0xcb/0x140 [ 2338.864593][T23015] __x64_sys_ioctl+0x3f/0x50 [ 2338.869191][T23015] do_syscall_64+0x39/0x80 [ 2338.873658][T23015] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2338.879550][T23015] RIP: 0033:0x45e149 [ 2338.883510][T23015] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2338.903201][T23015] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2338.911722][T23015] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2338.919676][T23015] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2338.927626][T23015] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 20:59:46 executing program 1 (fault-call:16 fault-nth:90): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2338.935579][T23015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000059 [ 2338.943554][T23015] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2339.035532][T23023] FAULT_INJECTION: forcing a failure. [ 2339.035532][T23023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2339.049797][T23023] CPU: 1 PID: 23023 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2339.059219][T23023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.070191][T23023] Call Trace: [ 2339.073475][T23023] dump_stack+0x116/0x15d [ 2339.078017][T23023] should_fail+0x231/0x240 [ 2339.082947][T23023] should_fail_usercopy+0x16/0x20 [ 2339.088061][T23023] __kvm_read_guest_page+0xb6/0x130 [ 2339.094208][T23023] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2339.100875][T23023] kvm_fetch_guest_virt+0xef/0x130 [ 2339.106319][T23023] ? emulator_write_std+0x1a0/0x1a0 [ 2339.112994][T23023] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2339.119445][T23023] x86_decode_insn+0x182/0x2b70 [ 2339.124399][T23023] ? vmx_cache_reg+0xca/0x330 [ 2339.130596][T23023] ? init_decode_cache+0x48/0x50 [ 2339.136753][T23023] ? init_emulate_ctxt+0x247/0x280 [ 2339.143058][T23023] x86_emulate_instruction+0x21d/0x2a80 [ 2339.149104][T23023] kvm_mmu_page_fault+0x315/0x3c0 [ 2339.154712][T23023] handle_ept_violation+0x277/0x350 [ 2339.161116][T23023] ? handle_desc+0x60/0x60 [ 2339.167560][T23023] vmx_handle_exit+0x2fd/0x7e0 [ 2339.173740][T23023] vcpu_enter_guest+0x19f6/0x24f0 [ 2339.179066][T23023] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2339.185940][T23023] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2339.192397][T23023] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2339.197406][T23023] vcpu_run+0x24e/0x690 [ 2339.203673][T23023] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2339.210348][T23023] kvm_vcpu_ioctl+0x562/0x8f0 [ 2339.216516][T23023] ? tomoyo_file_ioctl+0x1c/0x20 [ 2339.222838][T23023] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2339.228832][T23023] __se_sys_ioctl+0xcb/0x140 [ 2339.233413][T23023] __x64_sys_ioctl+0x3f/0x50 [ 2339.238129][T23023] do_syscall_64+0x39/0x80 [ 2339.242675][T23023] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2339.248890][T23023] RIP: 0033:0x45e149 [ 2339.252779][T23023] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2339.272373][T23023] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2339.280789][T23023] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2339.288905][T23023] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2339.296857][T23023] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2339.304811][T23023] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005a [ 2339.312896][T23023] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) 20:59:47 executing program 1 (fault-call:16 fault-nth:91): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c", 0x31}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2339.474870][T23033] FAULT_INJECTION: forcing a failure. [ 2339.474870][T23033] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2339.489030][T23033] CPU: 1 PID: 23033 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2339.497467][T23033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.507602][T23033] Call Trace: [ 2339.510909][T23033] dump_stack+0x116/0x15d [ 2339.515247][T23033] should_fail+0x231/0x240 [ 2339.519672][T23033] should_fail_usercopy+0x16/0x20 [ 2339.524693][T23033] __kvm_read_guest_page+0xb6/0x130 [ 2339.529906][T23033] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2339.535490][T23033] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2339.540960][T23033] kvm_vcpu_read_guest+0x89/0x110 [ 2339.546036][T23033] read_emulate+0x27/0x40 [ 2339.550480][T23033] emulator_read_write_onepage+0x164/0x490 [ 2339.556467][T23033] emulator_read_write+0x173/0x310 [ 2339.561604][T23033] emulator_read_emulated+0x37/0x40 [ 2339.566895][T23033] x86_emulate_insn+0x81c/0x2fc0 [ 2339.571990][T23033] x86_emulate_instruction+0x75f/0x2a80 [ 2339.577544][T23033] kvm_mmu_page_fault+0x315/0x3c0 [ 2339.582655][T23033] handle_ept_violation+0x277/0x350 [ 2339.587977][T23033] ? handle_desc+0x60/0x60 [ 2339.592412][T23033] vmx_handle_exit+0x2fd/0x7e0 [ 2339.597181][T23033] vcpu_enter_guest+0x19f6/0x24f0 [ 2339.602253][T23033] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2339.608312][T23033] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2339.613505][T23033] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2339.618442][T23033] vcpu_run+0x24e/0x690 [ 2339.622578][T23033] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2339.628017][T23033] kvm_vcpu_ioctl+0x562/0x8f0 [ 2339.632700][T23033] ? tomoyo_file_ioctl+0x1c/0x20 [ 2339.637632][T23033] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2339.643538][T23033] __se_sys_ioctl+0xcb/0x140 [ 2339.648135][T23033] __x64_sys_ioctl+0x3f/0x50 [ 2339.652729][T23033] do_syscall_64+0x39/0x80 [ 2339.657207][T23033] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2339.663146][T23033] RIP: 0033:0x45e149 [ 2339.667020][T23033] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2339.687305][T23033] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2339.695832][T23033] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2339.703803][T23033] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2339.711757][T23033] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:47 executing program 1 (fault-call:16 fault-nth:92): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2339.719706][T23033] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005b [ 2339.727667][T23033] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2339.844111][T23050] FAULT_INJECTION: forcing a failure. [ 2339.844111][T23050] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2339.860450][T23050] CPU: 0 PID: 23050 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2339.870375][T23050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2339.881160][T23050] Call Trace: [ 2339.885783][T23050] dump_stack+0x116/0x15d [ 2339.890383][T23050] should_fail+0x231/0x240 [ 2339.896639][T23050] should_fail_usercopy+0x16/0x20 [ 2339.904192][T23050] __kvm_write_guest_page+0xda/0x220 [ 2339.910167][T23050] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2339.916481][T23050] kvm_vcpu_write_guest+0x89/0x110 [ 2339.922273][T23050] write_emulate+0x2c/0x70 [ 2339.926946][T23050] emulator_read_write_onepage+0x164/0x490 [ 2339.934465][T23050] emulator_read_write+0x173/0x310 [ 2339.941486][T23050] emulator_write_emulated+0x37/0x40 [ 2339.948964][T23050] writeback+0x3d4/0x540 [ 2339.954798][T23050] x86_emulate_insn+0x1787/0x2fc0 [ 2339.959827][T23050] ? em_salc+0x8/0x8 [ 2339.963820][T23050] x86_emulate_instruction+0x75f/0x2a80 [ 2339.969449][T23050] kvm_mmu_page_fault+0x315/0x3c0 [ 2339.974477][T23050] handle_ept_violation+0x277/0x350 [ 2339.979657][T23050] ? handle_desc+0x60/0x60 [ 2339.984059][T23050] vmx_handle_exit+0x2fd/0x7e0 [ 2339.988815][T23050] vcpu_enter_guest+0x19f6/0x24f0 [ 2339.993943][T23050] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2339.999580][T23050] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2340.004760][T23050] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2340.009677][T23050] vcpu_run+0x24e/0x690 [ 2340.013812][T23050] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2340.019255][T23050] kvm_vcpu_ioctl+0x562/0x8f0 [ 2340.023981][T23050] ? tomoyo_file_ioctl+0x1c/0x20 [ 2340.028904][T23050] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2340.034813][T23050] __se_sys_ioctl+0xcb/0x140 [ 2340.039395][T23050] __x64_sys_ioctl+0x3f/0x50 [ 2340.043987][T23050] do_syscall_64+0x39/0x80 [ 2340.048409][T23050] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2340.054353][T23050] RIP: 0033:0x45e149 [ 2340.058237][T23050] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2340.077890][T23050] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2340.086442][T23050] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:47 executing program 1 (fault-call:16 fault-nth:93): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2340.094399][T23050] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2340.102367][T23050] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2340.110314][T23050] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005c [ 2340.118271][T23050] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2340.192230][T23057] FAULT_INJECTION: forcing a failure. [ 2340.192230][T23057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2340.205956][T23057] CPU: 0 PID: 23057 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2340.215323][T23057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2340.225380][T23057] Call Trace: [ 2340.228716][T23057] dump_stack+0x116/0x15d [ 2340.235090][T23057] should_fail+0x231/0x240 [ 2340.240064][T23057] should_fail_usercopy+0x16/0x20 [ 2340.246185][T23057] __kvm_read_guest_page+0xb6/0x130 [ 2340.252339][T23057] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2340.258883][T23057] kvm_fetch_guest_virt+0xef/0x130 [ 2340.265227][T23057] ? emulator_write_std+0x1a0/0x1a0 [ 2340.272378][T23057] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2340.279022][T23057] x86_decode_insn+0x182/0x2b70 [ 2340.283908][T23057] ? vmx_cache_reg+0xca/0x330 [ 2340.288605][T23057] ? init_decode_cache+0x48/0x50 [ 2340.293550][T23057] ? init_emulate_ctxt+0x247/0x280 [ 2340.299878][T23057] x86_emulate_instruction+0x21d/0x2a80 [ 2340.306258][T23057] kvm_mmu_page_fault+0x315/0x3c0 [ 2340.311369][T23057] handle_ept_violation+0x277/0x350 [ 2340.318257][T23057] ? handle_desc+0x60/0x60 [ 2340.322683][T23057] vmx_handle_exit+0x2fd/0x7e0 [ 2340.328930][T23057] vcpu_enter_guest+0x19f6/0x24f0 [ 2340.334015][T23057] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2340.340338][T23057] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2340.345521][T23057] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2340.350694][T23057] vcpu_run+0x24e/0x690 [ 2340.354831][T23057] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2340.360344][T23057] kvm_vcpu_ioctl+0x562/0x8f0 [ 2340.367610][T23057] ? tomoyo_file_ioctl+0x1c/0x20 [ 2340.372586][T23057] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2340.378494][T23057] __se_sys_ioctl+0xcb/0x140 [ 2340.383140][T23057] __x64_sys_ioctl+0x3f/0x50 [ 2340.387720][T23057] do_syscall_64+0x39/0x80 [ 2340.392213][T23057] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2340.398177][T23057] RIP: 0033:0x45e149 [ 2340.402071][T23057] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2340.421808][T23057] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2340.430254][T23057] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2340.438214][T23057] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2340.446442][T23057] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2340.454478][T23057] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005d [ 2340.462710][T23057] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x2000, 0x0) 20:59:48 executing program 1 (fault-call:16 fault-nth:94): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2341.065326][T23069] FAULT_INJECTION: forcing a failure. [ 2341.065326][T23069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2341.093420][T23069] CPU: 0 PID: 23069 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2341.101956][T23069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.112136][T23069] Call Trace: [ 2341.115411][T23069] dump_stack+0x116/0x15d [ 2341.119731][T23069] should_fail+0x231/0x240 [ 2341.124126][T23069] should_fail_usercopy+0x16/0x20 [ 2341.129129][T23069] __kvm_read_guest_page+0xb6/0x130 [ 2341.134322][T23069] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2341.139884][T23069] kvm_fetch_guest_virt+0xef/0x130 [ 2341.145061][T23069] ? emulator_write_std+0x1a0/0x1a0 [ 2341.150288][T23069] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2341.155561][T23069] x86_decode_insn+0x182/0x2b70 [ 2341.160435][T23069] ? vmx_cache_reg+0xca/0x330 [ 2341.165131][T23069] ? init_decode_cache+0x48/0x50 [ 2341.170109][T23069] ? init_emulate_ctxt+0x247/0x280 [ 2341.175282][T23069] x86_emulate_instruction+0x21d/0x2a80 [ 2341.180869][T23069] kvm_mmu_page_fault+0x315/0x3c0 [ 2341.185936][T23069] handle_ept_violation+0x277/0x350 [ 2341.191198][T23069] ? handle_desc+0x60/0x60 [ 2341.195616][T23069] vmx_handle_exit+0x2fd/0x7e0 [ 2341.200434][T23069] vcpu_enter_guest+0x19f6/0x24f0 [ 2341.205448][T23069] ? __list_add_valid+0x28/0x90 [ 2341.210292][T23069] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2341.215480][T23069] ? find_first_bit+0x94/0xd0 [ 2341.220145][T23069] ? vmx_vcpu_pi_load+0x137/0x1f0 [ 2341.225178][T23069] ? vmx_vcpu_pi_load+0x1cf/0x1f0 [ 2341.230269][T23069] vcpu_run+0x24e/0x690 [ 2341.234408][T23069] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2341.239857][T23069] kvm_vcpu_ioctl+0x562/0x8f0 [ 2341.244601][T23069] ? tomoyo_file_ioctl+0x1c/0x20 [ 2341.249523][T23069] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2341.255403][T23069] __se_sys_ioctl+0xcb/0x140 [ 2341.260014][T23069] __x64_sys_ioctl+0x3f/0x50 [ 2341.264608][T23069] do_syscall_64+0x39/0x80 [ 2341.269022][T23069] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2341.274920][T23069] RIP: 0033:0x45e149 [ 2341.278796][T23069] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2341.298412][T23069] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2341.306830][T23069] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:48 executing program 1 (fault-call:16 fault-nth:95): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2341.314803][T23069] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2341.322753][T23069] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2341.330706][T23069] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005e [ 2341.338658][T23069] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2341.410438][T23079] FAULT_INJECTION: forcing a failure. [ 2341.410438][T23079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2341.423748][T23079] CPU: 0 PID: 23079 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2341.432320][T23079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.443743][T23079] Call Trace: [ 2341.447239][T23079] dump_stack+0x116/0x15d [ 2341.452125][T23079] should_fail+0x231/0x240 [ 2341.456890][T23079] should_fail_usercopy+0x16/0x20 [ 2341.461931][T23079] __kvm_read_guest_page+0xb6/0x130 [ 2341.467310][T23079] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2341.472914][T23079] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2341.479005][T23079] kvm_vcpu_read_guest+0x89/0x110 [ 2341.484172][T23079] read_emulate+0x27/0x40 [ 2341.489401][T23079] emulator_read_write_onepage+0x164/0x490 [ 2341.495965][T23079] emulator_read_write+0x173/0x310 [ 2341.502361][T23079] emulator_read_emulated+0x37/0x40 [ 2341.508452][T23079] x86_emulate_insn+0x81c/0x2fc0 [ 2341.514628][T23079] x86_emulate_instruction+0x75f/0x2a80 [ 2341.521267][T23079] kvm_mmu_page_fault+0x315/0x3c0 [ 2341.527724][T23079] handle_ept_violation+0x277/0x350 [ 2341.532940][T23079] ? handle_desc+0x60/0x60 [ 2341.537356][T23079] vmx_handle_exit+0x2fd/0x7e0 [ 2341.542614][T23079] vcpu_enter_guest+0x19f6/0x24f0 [ 2341.549240][T23079] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2341.555511][T23079] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2341.561549][T23079] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2341.566577][T23079] vcpu_run+0x24e/0x690 [ 2341.571156][T23079] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2341.577827][T23079] kvm_vcpu_ioctl+0x562/0x8f0 [ 2341.583876][T23079] ? tomoyo_file_ioctl+0x1c/0x20 [ 2341.590370][T23079] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2341.597145][T23079] __se_sys_ioctl+0xcb/0x140 [ 2341.602489][T23079] __x64_sys_ioctl+0x3f/0x50 [ 2341.607355][T23079] do_syscall_64+0x39/0x80 [ 2341.612641][T23079] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2341.619301][T23079] RIP: 0033:0x45e149 [ 2341.624443][T23079] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2341.645057][T23079] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2341.653473][T23079] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 20:59:49 executing program 1 (fault-call:16 fault-nth:96): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2341.661628][T23079] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2341.670493][T23079] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2341.678692][T23079] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000005f [ 2341.688156][T23079] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2341.749433][T23086] FAULT_INJECTION: forcing a failure. [ 2341.749433][T23086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2341.762717][T23086] CPU: 1 PID: 23086 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2341.771193][T23086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2341.781447][T23086] Call Trace: [ 2341.784719][T23086] dump_stack+0x116/0x15d [ 2341.789081][T23086] should_fail+0x231/0x240 [ 2341.793475][T23086] should_fail_usercopy+0x16/0x20 [ 2341.798525][T23086] __kvm_write_guest_page+0xda/0x220 [ 2341.803800][T23086] kvm_vcpu_write_guest_page+0x2bd/0x2e0 [ 2341.809443][T23086] kvm_vcpu_write_guest+0x89/0x110 [ 2341.814564][T23086] write_emulate+0x2c/0x70 [ 2341.819031][T23086] emulator_read_write_onepage+0x164/0x490 [ 2341.824849][T23086] emulator_read_write+0x173/0x310 [ 2341.830057][T23086] emulator_write_emulated+0x37/0x40 [ 2341.835394][T23086] writeback+0x3d4/0x540 [ 2341.839618][T23086] x86_emulate_insn+0x1787/0x2fc0 [ 2341.844660][T23086] ? em_salc+0x8/0x8 [ 2341.848589][T23086] x86_emulate_instruction+0x75f/0x2a80 [ 2341.854120][T23086] kvm_mmu_page_fault+0x315/0x3c0 [ 2341.859173][T23086] handle_ept_violation+0x277/0x350 [ 2341.864473][T23086] ? handle_desc+0x60/0x60 [ 2341.868938][T23086] vmx_handle_exit+0x2fd/0x7e0 [ 2341.873745][T23086] vcpu_enter_guest+0x19f6/0x24f0 [ 2341.878794][T23086] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2341.884492][T23086] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2341.889673][T23086] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2341.894613][T23086] vcpu_run+0x24e/0x690 [ 2341.898776][T23086] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2341.904999][T23086] kvm_vcpu_ioctl+0x562/0x8f0 [ 2341.909687][T23086] ? tomoyo_file_ioctl+0x1c/0x20 [ 2341.914776][T23086] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2341.921319][T23086] __se_sys_ioctl+0xcb/0x140 [ 2341.925923][T23086] __x64_sys_ioctl+0x3f/0x50 [ 2341.930529][T23086] do_syscall_64+0x39/0x80 [ 2341.934950][T23086] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2341.940825][T23086] RIP: 0033:0x45e149 [ 2341.944697][T23086] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2341.964298][T23086] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2341.972693][T23086] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2341.980657][T23086] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2341.988632][T23086] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 20:59:49 executing program 1 (fault-call:16 fault-nth:97): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2341.996608][T23086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000060 [ 2342.004561][T23086] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2342.111558][T23096] FAULT_INJECTION: forcing a failure. [ 2342.111558][T23096] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2342.125535][T23096] CPU: 0 PID: 23096 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2342.134246][T23096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.145406][T23096] Call Trace: [ 2342.149883][T23096] dump_stack+0x116/0x15d [ 2342.155619][T23096] should_fail+0x231/0x240 [ 2342.161441][T23096] should_fail_usercopy+0x16/0x20 [ 2342.167677][T23096] __kvm_read_guest_page+0xb6/0x130 [ 2342.173636][T23096] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2342.180073][T23096] kvm_fetch_guest_virt+0xef/0x130 [ 2342.186214][T23096] ? emulator_write_std+0x1a0/0x1a0 [ 2342.193736][T23096] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2342.201457][T23096] x86_decode_insn+0x182/0x2b70 [ 2342.208375][T23096] ? vmx_cache_reg+0xca/0x330 [ 2342.214838][T23096] ? init_decode_cache+0x48/0x50 [ 2342.220975][T23096] ? init_emulate_ctxt+0x247/0x280 [ 2342.228488][T23096] x86_emulate_instruction+0x21d/0x2a80 [ 2342.236111][T23096] kvm_mmu_page_fault+0x315/0x3c0 [ 2342.242105][T23096] handle_ept_violation+0x277/0x350 [ 2342.247957][T23096] ? handle_desc+0x60/0x60 [ 2342.254951][T23096] vmx_handle_exit+0x2fd/0x7e0 [ 2342.260916][T23096] vcpu_enter_guest+0x19f6/0x24f0 [ 2342.266680][T23096] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2342.273888][T23096] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2342.280088][T23096] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2342.285053][T23096] vcpu_run+0x24e/0x690 [ 2342.289199][T23096] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2342.294652][T23096] kvm_vcpu_ioctl+0x562/0x8f0 [ 2342.299318][T23096] ? tomoyo_file_ioctl+0x1c/0x20 [ 2342.304258][T23096] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2342.310233][T23096] __se_sys_ioctl+0xcb/0x140 [ 2342.315064][T23096] __x64_sys_ioctl+0x3f/0x50 [ 2342.319714][T23096] do_syscall_64+0x39/0x80 [ 2342.324114][T23096] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2342.329987][T23096] RIP: 0033:0x45e149 [ 2342.333865][T23096] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2342.353524][T23096] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2342.361922][T23096] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2342.369887][T23096] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2342.378006][T23096] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2342.385979][T23096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000061 [ 2342.393941][T23096] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:50 executing program 1 (fault-call:16 fault-nth:98): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:50 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 20:59:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e", 0x35}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2342.517331][T23104] FAULT_INJECTION: forcing a failure. [ 2342.517331][T23104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2342.531043][T23104] CPU: 0 PID: 23104 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2342.539466][T23104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.549523][T23104] Call Trace: [ 2342.552798][T23104] dump_stack+0x116/0x15d [ 2342.557144][T23104] should_fail+0x231/0x240 [ 2342.561609][T23104] should_fail_usercopy+0x16/0x20 [ 2342.566639][T23104] __kvm_read_guest_page+0xb6/0x130 [ 2342.571957][T23104] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2342.577622][T23104] kvm_fetch_guest_virt+0xef/0x130 [ 2342.582754][T23104] ? emulator_write_std+0x1a0/0x1a0 [ 2342.588009][T23104] __do_insn_fetch_bytes+0x1ad/0x3c0 [ 2342.593348][T23104] x86_decode_insn+0x182/0x2b70 [ 2342.598212][T23104] ? vmx_cache_reg+0xca/0x330 [ 2342.602889][T23104] ? init_decode_cache+0x48/0x50 [ 2342.607836][T23104] ? init_emulate_ctxt+0x247/0x280 20:59:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) [ 2342.612969][T23104] x86_emulate_instruction+0x21d/0x2a80 [ 2342.618536][T23104] kvm_mmu_page_fault+0x315/0x3c0 [ 2342.623560][T23104] handle_ept_violation+0x277/0x350 [ 2342.628759][T23104] ? handle_desc+0x60/0x60 [ 2342.633181][T23104] vmx_handle_exit+0x2fd/0x7e0 [ 2342.637950][T23104] vcpu_enter_guest+0x19f6/0x24f0 [ 2342.642979][T23104] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2342.648631][T23104] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2342.653832][T23104] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2342.658853][T23104] vcpu_run+0x24e/0x690 [ 2342.662995][T23104] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2342.668441][T23104] kvm_vcpu_ioctl+0x562/0x8f0 [ 2342.673103][T23104] ? tomoyo_file_ioctl+0x1c/0x20 [ 2342.678338][T23104] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2342.684321][T23104] __se_sys_ioctl+0xcb/0x140 [ 2342.688966][T23104] __x64_sys_ioctl+0x3f/0x50 [ 2342.694407][T23104] do_syscall_64+0x39/0x80 [ 2342.698891][T23104] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2342.704862][T23104] RIP: 0033:0x45e149 [ 2342.708789][T23104] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2342.728416][T23104] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2342.736807][T23104] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2342.744818][T23104] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2342.752897][T23104] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 20:59:50 executing program 1 (fault-call:16 fault-nth:99): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2342.760860][T23104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000062 [ 2342.768815][T23104] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c [ 2342.841192][T23124] FAULT_INJECTION: forcing a failure. [ 2342.841192][T23124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2342.855766][T23124] CPU: 0 PID: 23124 Comm: syz-executor.1 Not tainted 5.10.0-syzkaller #0 [ 2342.865237][T23124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2342.876061][T23124] Call Trace: [ 2342.879670][T23124] dump_stack+0x116/0x15d [ 2342.884716][T23124] should_fail+0x231/0x240 [ 2342.889332][T23124] should_fail_usercopy+0x16/0x20 [ 2342.894378][T23124] __kvm_read_guest_page+0xb6/0x130 [ 2342.900453][T23124] kvm_vcpu_read_guest_page+0x2a9/0x2d0 [ 2342.906447][T23124] ? vmx_read_guest_seg_ar+0x10b/0x160 [ 2342.912544][T23124] kvm_vcpu_read_guest+0x89/0x110 [ 2342.918333][T23124] read_emulate+0x27/0x40 [ 2342.923066][T23124] emulator_read_write_onepage+0x164/0x490 [ 2342.929031][T23124] emulator_read_write+0x173/0x310 [ 2342.934998][T23124] emulator_read_emulated+0x37/0x40 [ 2342.940711][T23124] x86_emulate_insn+0x81c/0x2fc0 [ 2342.946355][T23124] x86_emulate_instruction+0x75f/0x2a80 [ 2342.952750][T23124] kvm_mmu_page_fault+0x315/0x3c0 [ 2342.959070][T23124] handle_ept_violation+0x277/0x350 [ 2342.966866][T23124] ? handle_desc+0x60/0x60 [ 2342.971573][T23124] vmx_handle_exit+0x2fd/0x7e0 [ 2342.977507][T23124] vcpu_enter_guest+0x19f6/0x24f0 [ 2342.983780][T23124] ? tomoyo_path_number_perm+0x286/0x2d0 [ 2342.990413][T23124] ? vmx_vcpu_load_vmcs+0x39d/0x4e0 [ 2342.996627][T23124] ? vmx_vcpu_pi_load+0x62/0x1f0 [ 2343.002735][T23124] vcpu_run+0x24e/0x690 [ 2343.008085][T23124] kvm_arch_vcpu_ioctl_run+0x443/0x820 [ 2343.013563][T23124] kvm_vcpu_ioctl+0x562/0x8f0 [ 2343.019775][T23124] ? tomoyo_file_ioctl+0x1c/0x20 [ 2343.024727][T23124] ? kvm_vm_ioctl_get_dirty_log+0x3f0/0x3f0 [ 2343.030870][T23124] __se_sys_ioctl+0xcb/0x140 [ 2343.035659][T23124] __x64_sys_ioctl+0x3f/0x50 [ 2343.041629][T23124] do_syscall_64+0x39/0x80 [ 2343.046794][T23124] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2343.052869][T23124] RIP: 0033:0x45e149 [ 2343.057542][T23124] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2343.077412][T23124] RSP: 002b:00007f8170b74c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2343.085870][T23124] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000000045e149 [ 2343.093839][T23124] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 2343.101812][T23124] RBP: 00007f8170b74ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2343.109996][T23124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000063 [ 2343.119404][T23124] R13: 00007fffaed9e7df R14: 00007f8170b759c0 R15: 000000000119bf8c 20:59:51 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x2774, 0x0) 20:59:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) 20:59:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x2, 0x0) [ 2344.128703][T23136] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 20:59:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x10, 0x0) 20:59:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 20:59:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x2288, 0x0) 20:59:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4c00, 0x0) 20:59:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4c01, 0x0) 20:59:53 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 20:59:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e", 0x35}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x541b, 0x0) 20:59:53 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 20:59:54 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x3f00, 0x0) 20:59:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:54 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 20:59:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5421, 0x0) 20:59:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) 20:59:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa4", 0x3f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 20:59:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5423, 0x0) 20:59:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5450, 0x0) 20:59:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x541b, 0x0) 20:59:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e", 0x35}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x3) 20:59:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5451, 0x0) 20:59:57 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x7427, 0x0) 20:59:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 20:59:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5452, 0x0) 20:59:57 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 20:59:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 20:59:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5460, 0x0) 20:59:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x6364, 0x0) 20:59:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8912, 0x0) 20:59:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8913, 0x0) 20:59:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8914, 0x0) 20:59:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5452, 0x0) 20:59:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8933, 0x0) 21:00:00 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x80040, 0x0) 21:00:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x5451, 0x0) 21:00:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae01, 0x0) 21:00:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:00 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 21:00:00 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 21:00:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae41, 0x0) 21:00:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae60, 0x0) 21:00:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xaead, 0x0) 21:00:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x400448c9, 0x0) 21:00:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x400448dd, 0x0) 21:00:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x200000, 0x0) 21:00:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x400454ca, 0x0) 21:00:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae41, 0x0) 21:00:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 21:00:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x40047438, 0x0) 21:00:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:03 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x40049409, 0x0) 21:00:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4004ae8b, 0x0) 21:00:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4004ae99, 0x0) 21:00:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x800000, 0x0) 21:00:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x401845ef, 0x0) 21:00:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:06 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 21:00:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x40186366, 0x0) 21:00:06 executing program 2 (fault-call:9 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4018ae51, 0x0) [ 2359.432543][T23618] FAULT_INJECTION: forcing a failure. [ 2359.432543][T23618] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2359.456281][T23618] CPU: 0 PID: 23618 Comm: syz-executor.2 Not tainted 5.10.0-syzkaller #0 [ 2359.464898][T23618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2359.474999][T23618] Call Trace: [ 2359.478267][T23618] dump_stack+0x116/0x15d [ 2359.482707][T23618] should_fail+0x231/0x240 [ 2359.487102][T23618] should_fail_usercopy+0x16/0x20 [ 2359.492161][T23618] _copy_to_user+0x1c/0x90 [ 2359.496632][T23618] simple_read_from_buffer+0xab/0x120 [ 2359.501992][T23618] proc_fail_nth_read+0xf6/0x140 [ 2359.506915][T23618] ? rw_verify_area+0x136/0x250 [ 2359.511780][T23618] ? proc_fault_inject_write+0x200/0x200 [ 2359.517427][T23618] vfs_read+0x154/0x5c0 [ 2359.521628][T23618] ? _raw_spin_lock_irqsave+0x25/0x90 [ 2359.527088][T23618] ? wait_task_inactive+0x10a/0x1e0 [ 2359.532283][T23618] ? __fget_light+0xd0/0x260 [ 2359.536875][T23618] ? radix_tree_lookup+0x105/0x150 [ 2359.541975][T23618] ksys_read+0xce/0x180 [ 2359.546126][T23618] __x64_sys_read+0x3e/0x50 [ 2359.550614][T23618] do_syscall_64+0x39/0x80 [ 2359.555104][T23618] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2359.560993][T23618] RIP: 0033:0x417a41 [ 2359.564868][T23618] Code: 75 14 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2359.584481][T23618] RSP: 002b:00007f95dcab6c70 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 2359.592874][T23618] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417a41 [ 2359.600856][T23618] RDX: 000000000000000f RSI: 00007f95dcab6cb0 RDI: 0000000000000003 [ 2359.608823][T23618] RBP: 00007f95dcab6ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2359.616911][T23618] R10: 0000000000000003 R11: 0000000000000293 R12: 0000000000000000 [ 2359.624944][T23618] R13: 00007ffe1304fd0f R14: 00007f95dcab79c0 R15: 000000000119bf8c 21:00:07 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4020940d, 0x0) 21:00:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4048ae9b, 0x0) 21:00:09 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1000000, 0x0) 21:00:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4090ae82, 0x0) 21:00:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x4138ae84, 0x0) 21:00:09 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 21:00:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x41a0ae8d, 0x0) 21:00:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x50009401, 0x0) 21:00:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x80047453, 0x0) 21:00:10 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x40000, 0x3) 21:00:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8004ae98, 0x0) 21:00:10 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:12 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x2000000, 0x0) 21:00:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x80086301, 0x0) 21:00:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x801c4803, 0x0) 21:00:12 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) 21:00:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 21:00:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8138ae83, 0x0) 21:00:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 21:00:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0x8208ae63, 0x0) 21:00:13 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000003840)='/dev/ubi_ctrl\x00', 0x680000, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000003880)={0x0, 'gre0\x00', 0x4}, 0x18) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x34) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x3) 21:00:13 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) 21:00:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x3000000, 0x0) 21:00:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 21:00:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x4000000, 0x0) 21:00:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1000000, 0x0) 21:00:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc0189436, 0x0) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc018ae85, 0x0) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc020660b, 0x0) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xc0405602, 0x0) 21:00:16 executing program 2: setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000100)={0xbb, 0xe, [], [@calipso={0x7, 0x18, {0x1, 0x4, 0x96, 0x9, [0xffffffffffffffc1, 0x7]}}, @generic={0x4, 0x53, "2bd7bff267096c1fd99a003bb6fb46717630f990d42c81fab351c1de157450af3a891ea0261b2b13b2a570773309cf8cf2de23444bdae44895b1dbd1d794d1394e8f5df695ef33d613d4d9ef92c56620a7c689"}, @jumbo={0xc2, 0x4, 0x4}]}, 0x80) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x2) 21:00:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x3) 21:00:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4) 21:00:19 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x6000000, 0x0) 21:00:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:19 executing program 5 (fault-call:9 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x5) [ 2371.547712][T23981] FAULT_INJECTION: forcing a failure. [ 2371.547712][T23981] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2371.564212][T23981] CPU: 0 PID: 23981 Comm: syz-executor.5 Not tainted 5.10.0-syzkaller #0 [ 2371.572737][T23981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2371.582793][T23981] Call Trace: [ 2371.586094][T23981] dump_stack+0x116/0x15d [ 2371.590475][T23981] should_fail+0x231/0x240 [ 2371.594893][T23981] should_fail_usercopy+0x16/0x20 [ 2371.599912][T23981] _copy_to_user+0x1c/0x90 [ 2371.604329][T23981] simple_read_from_buffer+0xab/0x120 [ 2371.609691][T23981] proc_fail_nth_read+0xf6/0x140 [ 2371.614618][T23981] ? rw_verify_area+0x136/0x250 [ 2371.619460][T23981] ? proc_fault_inject_write+0x200/0x200 [ 2371.625258][T23981] vfs_read+0x154/0x5c0 [ 2371.629401][T23981] ? _raw_spin_lock_irqsave+0x25/0x90 [ 2371.634760][T23981] ? wait_task_inactive+0x10a/0x1e0 [ 2371.639942][T23981] ? __fget_light+0xd0/0x260 [ 2371.644543][T23981] ? radix_tree_lookup+0x105/0x150 [ 2371.649689][T23981] ksys_read+0xce/0x180 [ 2371.653831][T23981] __x64_sys_read+0x3e/0x50 [ 2371.658414][T23981] do_syscall_64+0x39/0x80 [ 2371.662890][T23981] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2371.668779][T23981] RIP: 0033:0x417a41 [ 2371.672733][T23981] Code: 75 14 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2371.692499][T23981] RSP: 002b:00007f418c302c70 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 2371.700894][T23981] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417a41 [ 2371.708962][T23981] RDX: 000000000000000f RSI: 00007f418c302cb0 RDI: 0000000000000003 [ 2371.716932][T23981] RBP: 00007f418c302ca0 R08: 0000000000000000 R09: 0000000000000000 [ 2371.724942][T23981] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 2371.732896][T23981] R13: 00007ffdb9c974ff R14: 00007f418c3039c0 R15: 000000000119bf8c 21:00:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x6) 21:00:19 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0, 0xfffffffffffffdb5}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x4, 0x0}) ioctl$DRM_IOCTL_AGP_UNBIND(r2, 0x40106437, &(0x7f0000000100)={r3, 0x7}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$capi20_data(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="1000a31086598a35a70d72e5641622bc2e5bdc800400660000000000000083008a6a2a59703e6db1536ab924a57a2cbb93a6b0beb64a01a9038e3beda38b80a22c0c1387c3070150deb8089fc66d188a08274e2a473e641bbc7c013d5407d51f02a2d2a9d56b243951dc9686ee982f5e1d25aaf36527ba14d0f54d6eb18daca9e82db0b5010e09e58c1bce4397332d2a4b8460febc"], 0x95) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setopts(0x4206, 0x0, 0x7f, 0x100000) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2411}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="ec2025bd7000fbdbdf25180000000a0006000802110000000000"], 0x20}}, 0x4004) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x7) 21:00:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:22 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xc000000, 0x0) 21:00:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000006c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}, {&(0x7f0000000100)="320ea52ea23d4383a709a5466d3dd8c080c945151053d04603fd0e22d2bc9dd78df8d298a59eb5cd99a24b8ba3bc1408921f0d928cc21446dfdde9060dc599df7d68a8e7ecbeb480b10651ae82651cc8fc7ae90249831ac65fd5a51bb88e8d7fc73a0708cba06034fcbec58861258baa54e43dc4d9bdc64b92004a65e16166b480057b21f3be0095360ac4c1401e3b2dd74fe0aeb08e82d3aa39585c37936036632cf5c61d36efc1c4b63b2014213d835c0efe25022d2eafe7e62c0535b4214f011665ae807b92ec23681e2e4bd1925b29d808461b27c8", 0xd7}, {&(0x7f0000000780)="5ae145c9f905e93a3955ef7ef557f5cbea619e8604fec3065ad33ffb4bdae2fb0477ee99eb5f2782615255105f2748581131777d9f6bdf672d6e0072ec7027c36d048e9677ea8cbb0a7fd724258b262e764d42a9fa0941bd02e20808cc22e7a1dfec3aea0be5c7f8c6204de581c80e10af0612018890d79061f368bed748fb8efea0af263966e05129872db911c3cecdb1592160cf890c55203dad4efafc94afeac232299aef2cd3f157dc4bd77571485247a76ffc405470444b10e7a9eef5ccb9c7767f31f3a2447fb162aed09d21bca88825619736951ea4", 0xd9}, {&(0x7f0000000380)="adf2195e56c35f5289634b1f45c12df73adfffeb7637a2e2162dae72d5d1c788448fcec7df4858570068a214056965990ab02188613d8926762b020093bc4f07a622340b89da3e5dcce628024fb45c46507a31cc4816c8c04636e01e8e79c46445af8daac71d9d7bbb2b1341770148f1", 0x70}, {&(0x7f0000000200)="635420252294bfe6d8e461426c48bb32cf41884751af6cbd06ae99aa51cce0e18e314572c2d1be2ff57cbf12698ec25b436b694b55d8bb9e7cbf0330ac427e52a1d46bdd88e7ba2f26663adafd0014c0dcef8315bf385d82dfeec5db621c939edf3a8d7e47322d0f3a657e1af092b7535b4f600c414f79a9fd583009c4685bf5477b3c2d93482d6e8c46c9347d752f72c6d76017b2e15f719d266fc7f8a5aab1dfe6b8e8ebfcdd4788e41e7ff343cce04a515799089796322993c88fc81e7a9a938920669485d8b882c2b5f7e76cb5e979e599d1ea5dda58f7c6b0f23fc86bd8702b9efb7ce028f4262851e28af638605ed27ecaea0f", 0xf6}, {&(0x7f0000000400)="cd0ff556516818abd813ef30d6e5041b88932810c349f951459aea1e277dfa1f2dd4df37c43e871d30df0e4b4f727318daee94f52cafdbe60520df5e22f8409047d2d07291", 0x45}, {&(0x7f0000000580)="74e2e6eac0b822cbebbf751c1c6942bfa563025573737639a53e5eff892642372a322d10c8791b85c1f6cda78503347ecc75778a2cfa25d65ab2639cb9a0c70261616295d1260a0af0c0efe10d64e9f3e72b6267f9290300000000000000fc241ff9c0e63ceeb491dbd4bec1f4", 0xfffffe6e}, {&(0x7f0000000600)="a219e183db28b039e0c06a5769b4153391f9c69549eb077774a4b039b61346535affa09788281c38342564c8858e7192020afa6821f3f8fc1e5e20a032e2c92f348bf085df2b4839e855491d6af524d6967460e018bdba2116959739e6202ff8f3316bef9978f90a85ee2c33c1e4d25a8fcec0614a297d8ddc7ddb865af94911f76f3dda317875c3cd3635e46f5e7b24fccee025940217ce090b37", 0x9b}], 0xb, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000080)) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000000)="0b5e70bf6b1907c8fce2a37729290c2fd547ea2c601e7ee3e84e0988e2a7e1ac32fc17a76210d4d9f05733863c91b221935883fa17282cdd15bdf0ddbe45e12a3f485a8807552e57ea4d1151d1") ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x8) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x9) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xa) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xb) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xc) 21:00:22 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x80000005, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x33, r0, 0x800000, 0x3) 21:00:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:22 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000140), &(0x7f0000000180)=0x8) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0xffff, 0x400000) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000100)={0x2, 0x3, 0x401, 0xfda1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setscheduler(r0, 0x0, &(0x7f00000002c0)=0x3) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f00000001c0)={0x2, @vbi={0x6, 0x7, 0x10000, 0x31384142, [0x564, 0x1d], [0x6, 0x7fffffff]}}) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="d9843e865ad14aa2089c8a4161dcbabf0a582f00", @ANYRES16=0x0, @ANYBLOB="000425bd7000fedbdf2501000000a000028024000180080042a51dbb8a5d5b0100010000000800010000000000080001000700000008000100060000000caa62ab6a11720cbb0000002400018008000100040000000800010002000000080001000700000008000100060000000c00018008000140000000003c0001800800010001000000080001000300000008000100080000000800010004000000080001000600000008000100020000000800010003000000100002800c00018008000100050000008c0002803c000180080001000400000008000100060000000800010000b1719ef2cb15f700000008000100050000000800010002000000080001000100000008000100010000001c00018008000100080000000800010002000000080001000200000014000180080001000400000008000100050000001c000180080001000800000008000100060000000800010001000000"], 0x150}, 0x1, 0x0, 0x0, 0x4044000}, 0xc0) 21:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xd) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xe) 21:00:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:25 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x12000000, 0x0) 21:00:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0x8) r3 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x4, 0x3) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x34) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r4 = inotify_init1(0x800) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000140)={{r4}, 0x6, &(0x7f0000000100)=[0x1, 0xf79, 0x3, 0x10000, 0x4, 0x3], 0x5, 0x5, [0x800000000000008, 0x1, 0x100, 0x193]}) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r3, 0x0, 0x0) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xf) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x10) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x11) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x12) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x13) 21:00:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x14) 21:00:25 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket(0x1e, 0x2, 0x1000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000140), &(0x7f0000000180)=0x4) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000100)) 21:00:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x15) 21:00:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:28 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x18000000, 0x0) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x16) 21:00:28 executing program 5: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r0, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, r3}, 0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={r3, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}}, 0x91a, 0x5, 0x33, 0x9, 0x81, 0x7ff, 0x4}, &(0x7f0000000100)=0x9c) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x34) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x1, 0x0, r1, 0x0, &(0x7f0000000240)="9bbd9bfb2b661aad4a82242347593bba0d06265c0afc749193c8cc59eebc0e90e5d1b22ef4b3a0f0f0d7efeea25352eba7c174d21cf0620dae60f781b84eeb4e2cb7104b439ab34ea40133bee908f9b98c2828a7abcb246d9db15ec7ca1d87b55d9eac980c61a1c4ac189e68226c63ab19566bbfebe1a19f79", 0x79, 0x2201, 0x1}, 0x1) fcntl$getown(r0, 0x9) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r4, 0x0, 0x0) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x17) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x18) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x19) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1a) 21:00:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:28 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = getpgid(0x0) pidfd_open(r1, 0x0) r2 = getpgid(0x0) pidfd_open(r2, 0x0) ptrace$setregs(0xd, r1, 0x2000000000000082, &(0x7f0000000200)="3fbef19667bf7a591de27302ab920200cb8c825622e946f005000000de03000000b810d8d67036ca0300000000df986f3000000000000000474dfa45eb0971d558d8136bf09496866530d1b7e48496f95578887464c80937cce4afb50cbd2cafb1d88801af2838cf0c9079f1451e99e9d2b32a4b238342a37cc1f3050c4bc317efde7769489209c8c0e076ddf35c70945efadaa8ebd493353ce8274b592e5211338682fab11ed1eb9fc348b5ddefa6017ed5b99b523baf5b9288b79742744289549c987e9d3b7b5e40d19a061376496d301f0b2b87") ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1b) 21:00:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1f000000, 0x0) 21:00:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delrule={0x64, 0x21, 0x100, 0x70bd25, 0x25dfdbff, {0x2, 0x0, 0x10, 0x3, 0x4, 0x0, 0x0, 0x8, 0x1}, [@FRA_FLOW={0x8, 0xb, 0x3}, @FRA_FLOW={0x8, 0xb, 0x4}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x401}, @FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x26}}, @FRA_SRC={0x8, 0x2, @multicast2}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x6}, @FRA_DST={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x31}}, @FRA_GENERIC_POLICY=@FRA_FWMARK={0x8, 0xa, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x8800}, 0x8004) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1c) 21:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1d) 21:00:31 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x28) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1e) 21:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:34 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x3f000000, 0x0) 21:00:34 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0x0, 0x8, 0x0, "6c9d902eb5f697a2bffb99bfc6ebab3827bc114cbac5aefd9ef3c8096f5e68ff"}) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) vmsplice(r1, &(0x7f0000000000), 0x1000000000000144, 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) getpgid(r0) ptrace$cont(0x18, r0, 0x0, 0x3) 21:00:34 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = getpgid(0x0) pidfd_open(r1, 0x0) ptrace$getregset(0x4204, r1, 0x6, &(0x7f0000000100)={&(0x7f0000000000)=""/135, 0x87}) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x21) 21:00:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x23) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x25) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x26) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x27) 21:00:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x29) 21:00:37 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x40000800, 0x0) 21:00:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x2b) 21:00:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x240, 0xac) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000040)={0x9, 0x8, 0x8000, 0x9}, 0x10) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:37 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4200, r0, 0x0, 0x1e) tkill(r0, 0x34) ptrace$cont(0x9, r0, 0x4, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:37 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) setsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@int=0x7ff, 0x4) 21:00:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x2d) 21:00:37 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x3, 0x10001) 21:00:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x2e) 21:00:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x2f) 21:00:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x31) 21:00:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x74270000, 0x0) 21:00:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x33) 21:00:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x35) 21:00:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000080)=[@sack_perm, @sack_perm, @sack_perm], 0x3) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5077992f5440af06fa441ee", 0x3a}], 0x4, 0x0) ioctl$HIDIOCGRDESCSIZE(0xffffffffffffffff, 0x80044801, &(0x7f0000000000)) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000140)=0x0) ptrace$setopts(0x4206, r2, 0x0, 0x44) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x36) 21:00:40 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000000)=""/64, 0x40, 0x1, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e22}, 0x6e) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x4, 0x6b5, 0x9) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000007, 0x4010, r1, 0x100000000) 21:00:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x37) 21:00:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 21:00:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xf6ffffff, 0x0) 21:00:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 21:00:43 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x143000, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, r4}, 0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000200)={r4, 0x3ff, 0x3, 0x3}, &(0x7f0000000240)=0x10) wait4(0x0, 0x0, 0x80000002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYRES16, @ANYRES32=r1, @ANYRES32], 0x2c}}, 0x4000810) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="403ea3c000000004f6db7c3dc28a6bd742bd4033b3292d9e4ceca2c3532f493dc7b191815bbc3a2c0c09a1679d31602297e959b0073f06eafc87f4d22393d55c13c8b45591657a2a1158c1291daca2b4214a7737bcf83eec084200000000000000", @ANYRES16=r6, @ANYBLOB="08002bbd7000fbdbdf250100000014000400030000001f0000000300000000080000050005000000000008000300080000000800020001010000"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x14004881) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x39) 21:00:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 21:00:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:43 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020}, 0x2020) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x10) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000002140)={r1, 0x400, 0x0, 0x2}) ioctl$TIOCSERGETLSR(r2, 0x5459, &(0x7f0000002180)) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000000)=0xc51a, 0x4) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x3b) 21:00:43 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2396.064463][T24738] ptrace attach of "/root/syz-executor.0"[24737] was attempted by "/root/syz-executor.0"[24738] 21:00:46 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000000)=r0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xfeffffff, 0x0) 21:00:46 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) [ 2398.759221][T24743] ptrace attach of "/root/syz-executor.0"[24742] was attempted by "/root/syz-executor.0"[24743] 21:00:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x3d) 21:00:46 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:46 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x32000, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(r1, 0x8004510b, &(0x7f0000000040)) prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffd000/0x2000)=nil) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xfffffff6, 0x0) [ 2398.889917][T24765] ptrace attach of "/root/syz-executor.0"[24763] was attempted by "/root/syz-executor.0"[24765] 21:00:46 executing program 2: syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x3) 21:00:46 executing program 5: recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000001900)={&(0x7f00000003c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000000440)=""/148, 0x94}, {&(0x7f0000001600)=""/186, 0xba}, {&(0x7f0000000500)=""/79, 0x4f}, {&(0x7f00000016c0)=""/73, 0x49}, {&(0x7f0000001740)=""/137, 0x89}, {&(0x7f0000001800)=""/33, 0x21}, {&(0x7f0000001840)=""/37, 0x25}], 0x8, &(0x7f00000019c0)=""/222, 0xde}, 0x1) ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f0000001940)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c00)=ANY=[@ANYRES64=r3, @ANYRESOCT=r0, @ANYRESOCT=r2], 0x18}, 0x1, 0x0, 0x0, 0x2004c880}, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001ac0)=ANY=[], 0x10c}, 0x1, 0x0, 0x0, 0x4}, 0x44000) tkill(r1, 0x34) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="58000000011401002bbd3d905696440d10dc0100020000000800010001008ba1e4dd0100000000000800010001806a61316cba1f6cf821010000000800010702000000080001000200000008000100410000000800010002"], 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x4000010) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x3c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x7fff}, @NFULA_CFG_CMD={0x5}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0xfff}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4c004}, 0x804) r4 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000240)={0x1, 0x7, 0x9180, 0x2}) ptrace$cont(0x18, r1, 0x0, 0x0) 21:00:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x3e) 21:00:46 executing program 2: ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000100)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x5) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x34) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) delete_module(&(0x7f0000000000)='%$\x00', 0x1800) ptrace$cont(0x20, r1, 0x0, 0x3) 21:00:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x41) 21:00:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x100040) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x80000) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580)='nl80211\x00') sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2c, r2, 0x309, 0x0, 0x0, {{}, {@val={0x8}, @void, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xa0, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_REG_RULES={0x70, 0x22, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x80000000}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x1}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x4}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x6000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3ff}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xfffffff8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xd9d7}]}]}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8850}, 0x4000) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/btrfs-control\x00', 0x4000, 0x0) write$6lowpan_control(r3, &(0x7f00000002c0)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 21:00:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x42) 21:00:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xfffffffe, 0x0) 21:00:49 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) connect$packet(r1, &(0x7f0000000000)={0x11, 0x1a, 0x0, 0x1, 0x8, 0x6, @dev={[], 0x41}}, 0x14) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000000)="6f19404bb4bd871e2c01046ebaedead7", 0x10) 21:00:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x43) 21:00:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e3717", 0x37}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x44) 21:00:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x45) 21:00:52 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x200000000000, 0x0) 21:00:52 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) write$P9_RUNLINKAT(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x4d, 0x2}, 0x7) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() ptrace$setopts(0x4200, r1, 0x4, 0x58) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x46) 21:00:52 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000000100)={0x0, 0xe8, "aaf29ae3cb5f5654ec85eefcd6da4ceb95229ea8f6d90d697f2f7f05c57e3aef83c52d5a45dbf4e636b3c9c5761f8495f70655a30b634c36b3a575fb3d5592a593a201510478c164269e731859e68829f3e23c048bef8162bdf6d5d48b0f23c13a962baf029102c28f5ca2198093b119584372bf3be51791dbf697e6b4bedea817ebc4887c9fccdd51ee50da1dff86489c03d0f50f8ea5c906efce8ab997f6b849ab9701064e9586d72a739a07150b50e5f94753d76e1eff7c868c61b76c1d723891318470140f741bd0de05256287caaa98c19134abafc31233dfcd7034b7225cf84cd927625ea3"}) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) setsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000000)=0x2b7, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x47) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x48) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x49) 21:00:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4a) 21:00:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4b) 21:00:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4c) 21:00:55 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x1000000000000, 0x0) 21:00:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000000)=0x3) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x3, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007980)=[{{&(0x7f0000000100)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000180)=""/121, 0x79}, {&(0x7f0000000200)=""/252, 0xfc}, {&(0x7f0000000300)=""/209, 0xd1}, {&(0x7f0000000400)=""/223, 0xdf}, {&(0x7f0000000500)=""/116, 0x74}], 0x5, &(0x7f0000000600)=""/213, 0xd5}, 0xffffffff}, {{&(0x7f0000000700)=@un=@abs, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000780)=""/191, 0xbf}, {&(0x7f0000000840)=""/177, 0xb1}, {&(0x7f0000000900)=""/130, 0x82}, {&(0x7f00000009c0)=""/245, 0xf5}, {&(0x7f0000000ac0)=""/184, 0xb8}, {&(0x7f0000000b80)=""/195, 0xc3}, {&(0x7f0000000c80)=""/140, 0x8c}], 0x7}, 0x80}, {{&(0x7f0000000dc0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000e40)=""/192, 0xc0}, {&(0x7f0000000f00)=""/98, 0x62}, {&(0x7f0000000f80)=""/49, 0x31}], 0x3, &(0x7f0000001000)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000002000)=""/119, 0x77}, {&(0x7f0000002080)=""/202, 0xca}, {&(0x7f0000002180)=""/145, 0x91}, {&(0x7f0000002240)=""/180, 0xb4}, {&(0x7f0000002300)=""/78, 0x4e}, {&(0x7f0000002380)=""/146, 0x92}, {&(0x7f0000002440)=""/230, 0xe6}], 0x7, &(0x7f00000025c0)=""/123, 0x7b}, 0xacdc}, {{&(0x7f0000002640)=@ipx, 0x80, &(0x7f0000004c00)=[{&(0x7f00000026c0)=""/235, 0xeb}, {&(0x7f00000027c0)=""/191, 0xbf}, {&(0x7f0000002880)=""/168, 0xa8}, {&(0x7f0000002940)=""/217, 0xd9}, {&(0x7f0000002a40)=""/169, 0xa9}, {&(0x7f0000002b00)=""/4096, 0x1000}, {&(0x7f0000003b00)=""/28, 0x1c}, {&(0x7f0000003b40)=""/4096, 0x1000}, {&(0x7f0000004b40)=""/153, 0x99}], 0x9, &(0x7f0000004cc0)=""/235, 0xeb}, 0x8}, {{&(0x7f0000004dc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000007280)=[{&(0x7f0000004e40)=""/175, 0xaf}, {&(0x7f0000004f00)=""/16, 0x10}, {&(0x7f0000004f40)=""/117, 0x75}, {&(0x7f0000004fc0)=""/20, 0x14}, {&(0x7f0000005000)=""/237, 0xed}, {&(0x7f0000005100)=""/4096, 0x1000}, {&(0x7f0000006100)=""/4096, 0x1000}, {&(0x7f0000007100)=""/201, 0xc9}, {&(0x7f0000007200)=""/123, 0x7b}], 0x9, &(0x7f0000007340)=""/49, 0x31}, 0x7a}, {{&(0x7f0000007380)=@generic, 0x80, &(0x7f0000007840)=[{&(0x7f0000007400)=""/174, 0xae}, {&(0x7f00000074c0)=""/181, 0xb5}, {&(0x7f0000007580)=""/190, 0xbe}, {&(0x7f0000007640)=""/71, 0x47}, {&(0x7f00000076c0)=""/51, 0x33}, {&(0x7f0000007700)=""/88, 0x58}, {&(0x7f0000007780)=""/190, 0xbe}], 0x7, &(0x7f00000078c0)=""/147, 0x93}, 0x4}], 0x7, 0x10040, &(0x7f0000007b40)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000007b80)={0x0, @in={{0x2, 0x4e20, @multicast2}}, [0xa8d1, 0x1, 0x3, 0x0, 0x2, 0x20, 0x800, 0x4, 0x7, 0x9, 0x53ab, 0x3, 0xffffffff, 0x1ff, 0x59e]}, &(0x7f0000007c80)=0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000007cc0)={r2, 0x9}, &(0x7f0000007d00)=0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:55 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={0x6, 0x118, 0xfa00, {{0x9939, 0xffff, "25dc681d0f84800b1f5e5647e95289a40ee6c6ecdaf641dbcadb625f812d1dceff441b1f07aaa6ee480f0b795b80142537c351e31c97702e20f321cef2db0e41d109a235491a385a79737dc4f3b83960b658dcf4939d897a8db9934b2bc0169b90bc21610554280426f10d10e5617f7e0ce3c7559f3a3ea8190febcce9c3c906cd5e1c887e49b7864a7ecafcf35730a0e535d8a7ffaff56b08343b1e060f1b0ec53f411be43865e6aee9b55d743793045a8b142e566a0bb46df59d40366cf739dc8fd4a66dd09ff1831831e2829016f077074526a78d86abfa92be350e6df66855f5c534743cf13db723584cc9b063e6e70a1fad599dbae20bbe6cfa1c8eeb3b", 0x9, 0x5, 0x9, 0x5, 0x6, 0x2, 0x1, 0x1}}}, 0x120) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa8, 0x0, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x94, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa81b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffff9c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x532}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x400c000}, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000000040)={0x22, 0x3, 0x0, {0x0, 0x1, 0x0, '-'}}, 0x22) openat$char_raw_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/raw/rawctl\x00', 0x155002, 0x0) 21:00:55 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x101100, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580)='nl80211\x00') sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2c, r3, 0x309, 0x0, 0x0, {{}, {@val={0x8}, @void, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_LEAVE_IBSS(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x5f75, 0x6e}}}}, ["", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x14000880}, 0x2040010) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x3) r4 = accept4$inet(r1, &(0x7f0000000200)={0x2, 0x0, @initdev}, &(0x7f0000000280)=0x10, 0x80000) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x4a57}, 0x8) 21:00:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4d) 21:00:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:55 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x1, 0x2, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}, @CTA_EXPECT_HELP_NAME={0x8, 0x6, 'RAS\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) tkill(r0, 0x34) ptrace$cont(0x9, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:55 executing program 2: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, &(0x7f0000000100)={0x1, 0xb5}) r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x2, 0x100) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000001c0)={0x0, @bt={0x9, 0x1000, 0x862593d2c73e91a0, 0x0, 0x4, 0x8001, 0x4, 0x2, 0x3ba, 0x7fffffff, 0xfff, 0x2, 0x400002, 0x401, 0x4, 0x28, {0x1000003, 0xf0fc}, 0x38, 0x7f}}) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_ENDIAN(0x14, 0x1) r1 = gettid() r2 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x5, 0x81) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, &(0x7f0000000280)=0x8) socket$caif_stream(0x25, 0x1, 0x3) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x34) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x3) 21:00:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4e) 21:00:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x4f) 21:00:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x51) 21:00:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:58 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x80000000000000, 0x0) 21:00:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x53) 21:00:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x55) 21:00:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x57) 21:00:58 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0x0, 0x8, 0x0, "6c9d902eb5f697a2bffb99bfc6ebab3827bc114cbac5aefd9ef3c8096f5e68ff"}) vmsplice(r1, &(0x7f0000000140)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}, {&(0x7f0000000480)="1e2cc3a35fce765cdf03e7c3d1d16338a3df8dc1b4481d9ce75ac7501dd9f573afe7ffe31a07e1e39dee08d79e66ecd353b411b45e2ce7a0eab99363fece9d8ba261a84353ccdfa7e685e514fe21a94cedb0ce792196f13ae3ec9c5db08bd5b97b50dbfa46081d94cac9220a0058a147fd58ab48377e4814bcb6b85f96565e589b35f706bbc55765bc500a2d16270b30a9a4e26e52b708fa15af940758c4bea66014fbf088230ee188c4ffa2c686682304ba5baf73bfa9306846bae2eec18e7cd938fd6ec28e070ff93470dbe588eadbdc4638e74d6b03c35e453f417c02fa082d38a4e78fc9731e04f68721d4f732c5ff681db4c6d23b5869eef716d61ae84d08cf7c90bf08ef243d26db8b912c9832c0a6762540126fc7d49e4e5ab0676c34449c41b2d6bc1fbf4bd772299ce173c385c59b2a68df628c26ff68d4479856eca7ebfc5b264b0f063b93b4c5145659c044bf28a6fa7b676889fdc8adb795070b37b7dbf9104f685551d5b03bbc8d9824bf4461b240b4bf92dd5b0c085fd927b39a42769df453019c18f9a0299e1958baec4e00947d8a0f61dabc7a1f6ee7c1578ae28ce2025ed7f4197ed089b4485a445f1527c3044acd8d10b01b5ead9a291b8547ffe42a92f3c1421208bb974e8d38732adc94e6946db59828f3bdcb4e9654a3d5b91de33687a8c62d1dd1bb6e761ae0801fe8260f1acc428846c5bf88938e7b683bc6b881d7a772ee2531dcbd776589a63d741c557fbd560e18c5fea36a0a1e28c2d85cf35e33c0f24eb976cad6c967b8035158f0007e3a2c899e1dc7bc5db2119df7277019d6afef0c7bae966e0619618028b78f0bbad7a58929ac394278ec0862887471d8476b71c19a7f1aceabeac5798f412eec50b01926ce15b200480bbe277bba21975c80e633ab6e4bad7b67abf6d5cadbf3ec56ab5d9ef83ba5fb1c959154605c31f6e7bfd079401833ae08595bae78f499bae0b5dc80158901d6953b106dcc22de975633bb1cb74fe12774318f376373a7b077fb729e12f6a6296d6b3097593ef92905a2560ae4d77f40f885430cd5ec309d585b3575957914d72fdc71a70c34f1a291412a0d4c28ac9848d617ae8661b140ee2cd013f36b39509d8614ff02236578f2c6e9fe4ee87e4750561010435fb7bc78ff33cbbb71d203020ca0921bcb0f0574c14e5e95508dbbc5d0c664ca63c983c4a605e39596e476d695f14031a6b448e0b2301b56456b031e632da39ae338ace5b9cb7201ec4f12472c77504c61ed37282342c2b08875860ea7e8905b1daebe5be8ba7a44c538556663071c21dae12f7f0a7172f551fceabb453b8bcfc8c4bbf4af6d870f48236b66e3526bfde04aea9091f1990eaeadc01af6ee50228bb4bbf3633b1bf5df027b69eace838b640fbfa9182410b86ab092776effae2269a0d4e580c2c5f1a62f0a228568466aace04a1c29e4e9bdefbe74ec57a075f1d9c10153ada0d8a8764332df48bb42417a22f452f6e8686180a3ad7a791afb936fd9fda1e684b54de43d221c0a74f446cb087de995d0ee39328cb28421f5c7a13598518dbb870de629de082401977ee5a20a3b71e9d8e1a00dfc6d1d130a0e95b0640a57f9772ebec04f8a2ce13c8a96f816f99f3473423cd7b5b7cb4a7ecf404ce02764b1c2608a6ce52898ac9f100075f35dad68646811b2cb51b7e78cbeac2c94b8d409341eac38c9e9f21dcdaffda810302db549eda2ddf30e30df73949ae931fb04b65f064b0ff6b97f4272a971b9e834a1260eaa66a35b692760c0995e7e51666b06b61c4c5e66cc2708c2600b545f8794b6fa03dd245537637e33e03a0467c1fff8aaf972bfc653affcc46c97d07118340ec957278a9eb7636f801eb5e82a9aefc595fa5e08aa1118ab1174398d99dfa0f7f0698ccc2536a85f1649e0776860d81f0b66684e09bc8ff5c901fc93d82a93b8c9d43692c227df3bb01de097e3f86842fccb4cda5d99f431130c31fb2857d140f7c5173d07a0e03cf27fe94db58ff8d3ff2eb30fdbb8c36cdd999b505254e9b21058b01728abf85e106a73caf8b804b24bfafff629a1e7a828bd656075746a05248a63173be84c1fc067933655f6eaf8284bd9f2f03b3aa730c0f58721591e46790f8fc095056168d2cec61f77441d5ca1526f9ef8c1cd2f7de17340aed070dd79ac6e4848211163949229d0105436013e094b0090bc1bb6ea31c184eef752f191b8a7207fe04a9d4ce6f84c8b657b7029bf37290608a232f20b83c5a8d3b213d54e650f9b217f185933ddd9627f6062bce110bcd747bc10a681f6c1c18589bd08c95626c2f6132f6bbadbbe952bd83390714a79c5a2709a7ef198028c36ef50ab5e4cef87d8130e2da67c0bf8c93d55f544aa555f23ab5431384bf2cb9f24c9c2386140c25fdab9337fcf34a2df1070c0f6818f1f4cac90dcf60d7e066aa1dc94eb07fb6446b5f1b7bd6eca6bcc6de234e34bb3a267c988aa5760aa2ff42a5d3a64228fa9bb86b877710dd5af860be1a7037b75e82db10078d343ba7d25ac82c4b2043bf0afa95aed2a0e07f982d9a4fb25e438313a3fdf12923a39003d0a80efe0e63f0fc09c8f4b841bf280f3aeb1f8dcc79ed9fe23bc47bea0e1812d8b8a1a906292932d6863cb518ad42b13da693021accbdcc32a417864883d60f6355a65990665f33bc5f0f0e0855d82c17d34b77b881c7972f2d89b038a4dd6c939a28bb7fbe9312811f0b933dac29c7bfb844b0966f701a0842582663416eb99c12dbf8211cf8c0883c19e11b0b452a4be30302a866afc5154a3ba3012a75f3597da44f68944b7ff875daebc8ef0776ead9ea8e0c665955878c8fee9b997213d0d65a84c20525382a3bb0893a4163928c82a8cee74fe476d28635213c15f2a98391b39581ba420e18bc26bec9d3c7281d7f87cc3a82dddd758d118538b847c6488fd2f5f3d20207e5a0047a5c88f2fea3532cbc8d3d67a4a67cc4f410c3d4c9f3a28c1879d5da43b66f58a0dde18259e8a2cdd8a2e5b54605de5453f9138a59bf153159e69f4eded26bfd4a134989197f87363b19a96220ff1af21b1657455d4b20eec5f9b08fdc3103fbf944f16b2523a6361c3e001f1d45b03fb3df982964f8fd0d2b119011880b8de59604097954bfc7d0fcf3ee91748182a4394d37139dc61c6f9865049600f80bf5e96eea7d23769274b8f704ee6279a064e46bf1a2766bf59fcf5d04d3ea967a56f7bf4b1615f9303aa53a18076fed7d5f454856fb55ef28a62ed2e365d22265be32148633e3b09f912bbe73bf0cd7268b8786aa4a7135e6be484bf0d7492c90f8f861df651e946bce17a12df87ea060457a74ff8845a487097ed587c920002df3d5c16bcc35780e12c3dfc868a563cdfc9cec85b3dd2214edfe1c51f0afeba4a0f54468aba7e40ec78fad79b2f2ccd38510eda35d59b17e7544af1aa56be9e3c343da4e5670386aaebb4fe7507208057fe5f75d0443ddc55f3c455732f593727548512249670b8c0f27f7cf5c443c13143e19da18dcaa6621715353224dd38090ac8f25533b710194181a2cabb53e81cc2e9e3c4710cd9f4df4778a277f818533929085c9622eb0a6262ecd1eec2ceea0ca491df4b228c5286bb222e89fac076e6a409d813738e22b5e9582b87b2c5e18cf5c8a799d6154df09c009f3a782a20244769e11254b1064caae95465ec5ac7f8481d3f345f4eee0802cd66622ba50f98fcbd89204c84d45f0beca0eaba6455f3ffbb4154fc73b93947e11d671618a7cb670a3add15ca9d12880fa2f663d0d39d9bd8c3ee427c6f4cb51af719892c14de1a9e0a200bcde2b027206bf4be8bed7e407bf084a12c47328811a2b06e160b65dc789a6fce6ab9df221faad48c3f7d66e6beb7c087c4ce5e5b7369e3ea0296d278792f39863e0913b2ab5741158d5aba703d472ae5c5fd78dd89a08dcb92a7b012009517ac6f3bb7bf496a76d3fc149032ab9eab25f3bdbb7b630552a7a1284a4c3b262b47a09b21c4a43977a124030bba1642b5753a87a80633b93a077223777a9d9bdf02fe61dd61eae6c7d47e7966e4619048d1adaefc1df827fdcc92ca42edfa7e9ec762f842aa83436539009a641d6c73e712d7e7c28e4149c2111647763b62fa7c5ef685752182d1ead97ed120360bb14e3b81ae21d1958434bf735f59bb912aac35ff5dea5e95a1e1208d83bb2e122365687c64d008a4b36cf79ec84a94fc3e48058358842e0e9bf8ec4ddfd92d38b66d901d499ba4412aa88fd74fd1ad70793500743cc835f6a296b02354a4adad4fca506d9253055c0216df52c1985e56a54bb090b0b1775291c00e23910726e344d3f30163ff0d3378c4aefa519aa257420f64e5e53d3871284814d8e409e8eec8f1d1a9b7b157f6c817b0aa2fccfd0f49f9c68f7c094ad0ef0c2324350c5a3f0fa7b9f6dda8560362dfe028b7a26e40f7b333dc1010e8efe6eaccb69e6ed3cd45a02b19e8b464d80c3e26b0e73f6df67fe675348cd11ab9c8fb87f2a23d3fe3fcd092ace62175c1bc4915faa31889181d060041cd580b26fa718f876ba876fac58afb24075fb7c4f7cd872f267f79b7326fea3ddb70bca88e6dd04c91c705d6513bbbbfbc9f664b76b211941946e46715cb372e30d1ab47388e786275eaaa705fbbb170c0f2e32d102cc2c4016e43b8ce5a98331db9747051c0a1cdd002134fda4677f8c239c21903ffd619886e80c152133eace1851fb70805032c6137585a17cad3324441b0a254134baaab5c8317274e2fdbbd6a5cae37dea40b659f0a453a2fbfc3075993eb5eba9fcad5470cf056bb17f5ae9df2c07a35dbf4b9ea4e0deb1da6f1978c74ed418e8bf401eba9faf88c41c73bad599e4fad6229bba156afabf521fddc9205d4f4d06daa6a1cdadac3fecff389480c5c8891c78e60877a1960efb4ae3deb503324c70359c959a3f5988cecf466b1e3fa2a30cd229344ebec9f4447d2ff69b1066aa08318c3cc2a0053af314134de2237365031e2b44f5196b5514ce54f02662f7cf701d8bb307cd51d94bb0f5a1f87850f30ba46803080661e36d6fd04255e27dd485e6a1765fe5297dfc9cf7df1485e12f04cb6f2b5a6362ee330884886c64a5f97dd53fd0ea8d18f183e10fb7a3853380436a04f580ad2e278bcc22ec2c75fc5173165a3c4f5af90ebc070757fac24ab6cdd30d1fb2a51c449bd7af5bbd16b8428302c8e5b42901c50038c2ed0fd9c36556670fde9d972ebca36f87892a422b5005892f6b8b19fa972849d062763f4e017f4a3b7c55be9827cf5ad9cdf4b6f3b68b97f31cfc871cd93cbc5be26da371ef07da1c89d26e895c3a6d5a9ca8aef3950e0b461013a6bd31579d3a31a227a02f192255502af26d1e55b1863a99fdf814c4ad4fb3d686f9cb6921a3e5b2861a00c7e6d80322a425f19b8c26f11e47f529760e0c6f9e7b3d60873b26dc1ceed94ae94ef311d3c508d529e866fe33dbe11238466fcd61dbc0265116159f3cdfed8d7f9523da87f088d4188ff02dea7487ffbc8380e9211d82c7bacda7ba333181f66e40267b713d0f607e383a93898b0238285659e51bc7d6402f69eff1572d97088559164e7b6595aef8247cddf7252b082ff11cd810101c11ba5f363d541dc01590bbd3101fdebcf69358cf79a12c1ae7fe1c9eac4b5b1a59972a34a8e9fc5a5175d726a7fdcb48f7384625233141bc5a9e47f8d72971f75d68be1830369da9d9b7a9c56b7b1e661f4125666a8ee164b709cfc4230dd7225a0d9e4607006287049da", 0x1000}], 0x5, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) write(0xffffffffffffffff, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x880000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x170, r2, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x40}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000000}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x41}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2b8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'sit0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x39}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}]}, 0x170}, 0x1, 0x0, 0x0, 0x11}, 0x20008080) ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000000)) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f00000001c0)) ptrace$cont(0x18, r0, 0x0, 0x0) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000100)={0xffffffff, 0x8, 0x0, "6c9d902eb5f697a2bffb99bfc6ebab3827bc114cbac5aefd9ef3c8096f5e68ff"}) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f00000000c0)={0x0, {0x7f}}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:58 executing program 5: ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000180)={0x0, 0x1f, 0x2, {0xa, @win={{0x8, 0x5, 0x590f, 0xf6}, 0x1, 0x4, &(0x7f0000000080)={{0x8000, 0xa, 0x6, 0x6}, &(0x7f0000000040)={{0x7, 0x10001, 0x101, 0x6c34}, &(0x7f0000000000)={{0x27, 0xb557, 0x200, 0xffff}}}}, 0x6, &(0x7f0000000100)="451481066dd34ec7737596d18701a1c723ef94b545cb7b9d420681f5e11b9eef3245b2e758d8d70cb20e6e3465e3ad3f9c26a083454396b581529adebd73751b17fd0df0eae54aa8ad1de80aae28b380", 0x4}}, 0xb5}) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0x0, 0x8, 0x0, "6c9d902eb5f697a2bffb99bfc6ebab3827bc114cbac5aefd9ef3c8096f5e68ff"}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r1, &(0x7f0000000280)={0x2}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000)=ANY=[], 0x8) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x0, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_PID={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7, 0x2}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r2}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000340)=0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000080)=[{&(0x7f0000000180)="5727758fd41d1f1df0f3dadbf6a7510f9e62f235717aaa53dd7612160ee425f8b2bd32623c0cfb0e0a7151d161be3c24529efd72066f369a7e52fb6c0260bde6b255d4a7a5763f4851efc547c9f68e8a157ab0cffb971723ab3908bee311499324968488ba5ba21473cbd689e7c30bc14da53673f49bf814a1a20f2a472a8a99077d31d34be87852f9186c53299aa15ab27c767a37d60e46ebdb2479237c577da355452663dad259cb2523c42f01d29d69b37a9fc42c09d90f7d4394ecf34ab21b456064d102a1aa2885159d8ced7bcff45859603ea86eaf0c5f2618629e51fd", 0xe0}], 0x1, &(0x7f0000000380)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r3}}}], 0x80, 0x1}], 0x1, 0x4000) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001440)=[{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000a40)=[{&(0x7f0000000480)="87cc864b33321b16a1fe8d5e85354197b1cebe7007ce52bc4abdc670bbd025143c475f073b109a56e8c6f8bcd525e81c37e0597959adf155b46f5db88d2de9f3fddb1d16bf99ea78a6a5e796bf91a5540a145c4fd8fda408285d81c1199f483a851d94668ebde9459292c5ea0487d4ca3c879398c9a5ca097b8a2f1d7f2b4cb417022dba41a5694fab9af0167dd02dc0435703bdea3d5705875f4584ffe24d7bdb2c7f35680ccb2e194a5a2f9b47c87d16091846aff556a922981993cdb83346c8c8f2c05434a25ba862b3bd716b4d26", 0xd0}, {&(0x7f0000000300)="50dd63f011f8be300e6583632875afc8af3ad998512875cbff80225962f2c5", 0x1f}, {&(0x7f0000000400)="482f674150a0a403351a0a70bc4b632af973", 0x12}, {&(0x7f0000000580)="05e4ce504a27cf87916fbddfb3a30c1008d28b3b945779f3565864282fd5e88a9d25a7ad1a3d9f14517848fe3e69890c7d1833bcc302465e6e2bff980fa36e883398c46b31b71ba39c7805e0e8ea004a943ee0d0b4a7fea8a2a0f72192e6bed66aa1899e140a370512a001f941d7e0897a27a25c818c115bc2eb9e", 0x7b}, {&(0x7f0000000600)="05937000d022dded81e56645aa079793235daf3d9e1883359dc5b81b6d896de54b46bb4b98ab043b634e75ca5b335ccd6f7a5878a55df047abef288e118937d1e78a469f81a19f8ea207d30c78759e71c33802d9505e55fcf41765aca8c6b813edd9cc5c2e7817305133717b819e7562696fafd9493b73a586fc817522a11dd59f7cd083a02b2927ebd064c69d7366f63cab47f56e0624deb36295e971bf338d5d509ece25c90963dd04909f31bd7dad326a893ba55ac98eb3af8754dd", 0xbd}, {&(0x7f00000006c0)="79ba9bca15a7b4e0864e6c815b1c57fbff60b553d9903bb883a1efcfaa20f68ae98ea8197422686576bd19a96f49dddca385472672aeb35051960c4eb19c4f2a9ed846504d8b79b96c6bd41c9890de922c624cfd2db915dac99efb26df94803d390bf36ecf436c8d49fa15911812919543cd07d4ebe1e68a59f8b404874578ef6034655d0079272ccf3f87f133dc93b25c16a7c6cbcd55b790cfc215b1e1c4490cb34e80aa7d1f", 0xa7}, {&(0x7f0000000780)="d44feaffcc4072325ecb3f7cf3f25dd068da874ccc8eadc39e4b2012b98aae9e43316a784b3f6db8109e3bd472f2efdd91b9fa40cf0e59f068b861bb2c9862d2b2734c61d02b4b8d5f045188f27f13a6b3cb79c90ea623fd690a5effbcbb5330ad999d0d4e8ef71a5f9fff2fb1249cd1b2977aceabf376054484a423b80b401510acaf5ec4039bf2603455087ae259cc157dd19f1fc56740aaeed38ceb5265a30e554def06d9361cf1790c118dbf17db97d3b4a7344d1a60fb11685e71307e65170107c77f8088ce49d43f83eb6b36ec9b0cb2aaf84f6bad6e9173ffeb1d906c99b6fdc91d5979da5c07ba82063988912a267a11999846cc", 0xf8}, {&(0x7f0000000880)="a8bad79cf7146c1d4975e8a6bbf1ed982db3bd5e0c1342d857e418862d7ef77744b85741d29ac30de41a3c09063c43a8115a6479d72d55bba24a32c9b458913fdb6214fac3e90a2e98b193465bcab917b6b821afc77f5b390575be0517ea8d7c69b843b284213569ef2c7715d3d7b345d1a543b8d5a6d03bbbe2ee0bc89dffcb29579cf501974f0be0c4e79fbdfbb28bc9016b6dd5fe816ce2eb215339c085fd5f6c57e6e96c463b4f4c522ff17c4f499d1a9e02ecf8ec3d9a967f93d2e70621c1f1140e835cf2f00ca334add0b3d4a2a417f5d26d35c221fe52690f30e7bef7a8e961284f950a56", 0xe8}, {&(0x7f0000000980)="d4b3d4e04026503db49cbb4a524cf3bb31bf2aaa92333b72a55daec2b659a3c6fb92ca4431fe828376981df3019d87aff39a29c03005bbfcb7749e2b5469ec27e58e0269d95dce114ff5d7220886d47a716e643dbdd03e29a300c860314e54a748717b235f9592f3e4bcd89becf3e2bd4695db7437364f0c198317695a0645e7f063e22909705b16131a5fa882357eda3bb31ef8c5fe5b53e2fb06", 0x9b}], 0x9, &(0x7f0000001080)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r1, r1, r1, 0xffffffffffffffff, r1, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xffffffffffffffff, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r1, r1, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x158, 0xc0040c5}, {&(0x7f0000001200)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000001340)=[{&(0x7f0000001280)="922dbf67f19dc0491b9136dd48f9961589978eabd4a2d52674bd3258da9a6f6cce98babea46d8ad1ec964a246c09840a3a98843aeaa6fec0ef8c2dbf65a1ffefab2374d79d4219804344b37d7ce42967373f08e37eb7a54fd32a2820cec8db2219173d57d45738374e9cd1f51cb2eeeaaab30feb731d44623145c96d32", 0x7d}, {&(0x7f0000001300)="723e1d9a821bba6244", 0x9}], 0x2, &(0x7f0000001400)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r3, 0xee00}}}], 0x40, 0x24008010}], 0x2, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) 21:00:59 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VFIO_IOMMU_MAP_DMA(r2, 0x3b71, &(0x7f0000000000)={0x20, 0x1, 0x8, 0x83, 0x3}) 21:00:59 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:00:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x59) 21:01:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x5b) 21:01:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x100000000000000, 0x0) 21:01:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:01 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x200000000000000, 0x0) 21:01:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x5c) 21:01:01 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, &(0x7f0000000000)) 21:01:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x5d) 21:01:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x5f) 21:01:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x61) 21:01:02 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:02 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) fsetxattr$security_capability(r1, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000040)=@v2={0x2000000, [{0x1ff, 0x100}, {0x7108a7e2}]}, 0x14, 0x3) tkill(r0, 0x34) r2 = getpgid(0x0) pidfd_open(r2, 0x0) ptrace$cont(0x20, r2, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:01:02 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x63) 21:01:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x64) 21:01:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x65) 21:01:04 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x300000000000000, 0x0) 21:01:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x66) 21:01:04 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000001600)={0x9, 0x0, [{0x2, 0x7c, &(0x7f0000000100)=""/124}, {0x100000, 0x98, &(0x7f0000000180)=""/152}, {0xd000, 0xa1, &(0x7f0000000240)=""/161}, {0x5000, 0x1000, &(0x7f0000000300)=""/4096}, {0x3000, 0xf2, &(0x7f0000001300)=""/242}, {0x10000, 0xc0, &(0x7f0000001400)=""/192}, {0x3000, 0x4d, &(0x7f00000014c0)=""/77}, {}, {0x10000, 0xa4, &(0x7f0000001740)=""/164}]}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) r1 = socket(0xb, 0x3, 0x200) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4007f}, 0x10) write(r1, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) getsockname$ax25(r1, &(0x7f0000001540)={{0x3, @default}, [@netrom, @default, @null, @bcast, @default, @remote, @rose, @default]}, &(0x7f00000015c0)=0x48) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000100)={0x0, 0x8, 0x0, "6c9d902eb5f697a2bffb99bfc6ebab3827bc114cbac5aefd9ef3c8096f5e68ff"}) write(0xffffffffffffffff, &(0x7f000018efdc)="2400000052001f0014f9f407000904000200071010000800feffffff0800000000000000", 0x24) sendmmsg(0xffffffffffffffff, &(0x7f0000009280)=[{{&(0x7f0000001800)=@ll={0x11, 0x7, 0x0, 0x1, 0x74, 0x6, @remote}, 0x80, &(0x7f0000002980)=[{&(0x7f0000001880)}, {&(0x7f00000018c0)="6e364f0a9d2501aad476e812066f9d1579cf5e70ee5244c8ba11f7ec8862bb4061898e333eaa27a6345ac95cfb946a0d135a1b66a5e1039b5a082b8236a7492e1dc857ed63aa4017fc1bb51922a5224a647fb18c76fd93e75317ee96243a11a0e509aca32c90341c6a585c01f773be0a3f6ba2273d114553b999e931d02e010c1b43d136c670ef9c513b20ca68d5c5d3b07444fc66eaeb5e13a559c08ab05a1754e9181ae8daeac82eebb9efeb1f8d6b8c54959c7eea4e264f21e7746276ab607ca954df61e9c77c1f995383d4f4f6039db2462e6a2b05b4e603dc3b6b3081c17430beae5af778517da8a7118bace3b011816f673fc77a024312bc9e578ebfb694c3ed10e4aa3e51d94e1e0342041f825b40009d62c9485db6bcf57319d828a4b976276a8f3fa4c05bd36566ddb96145160904025ed9e02b842e40deb218bea0c19e6ae06d753c35b8070408b64ab3652e54592be8447b1ae29cd9e09c03526898e72965098b6fbe1813e75ba2ba9dd8232799554fe87e2d05df852ce7b24fdfbeeec7a3ca0b6a397e537b1f7975b65b5fa7257361824bd339151c4f72df6c6479c8513e627bdadede2944c3320f8d26f88ac2aa79fc2532b155ea6acb7745b47e8d4a9784a9a7ade2a55f3251b7056ec6c441343dc85f43da1cfd487d1ec344202c048ffcdebbf718928a8a19ff07c2dcbfc0ebd884e2c989d4897d812478d7d6ba156d244b07223059494bd0e4dea802e9c581a5cd70bf65196f228ae8f07d2f184feb7b6a879de1601fd2e0bae153a5b77a3c988576c65ee8a5ce90bc26e5958cbc8ceae2f232991427082f19c719ab9627aeb22429ab4dec93eb17daa5219b7d5ff751eaee4f91caaee04f3919cc37f75717b74d542ad00f006fbe5efaff61b25ad7ff768eb388cf3c80c151c0623ada546d85cea7c541a9d5b1c6c3a4d323b795891da29a47efef2f3ff49429d1e42b54c73bf6632ef5ccc068fe44af7230a42eef3bad188f8a0e57e2de8981852021b588a8c9fc6047cbd62f6052c321b198fa07a52c64b07ffae7651d42f273b965286a7ae83dce9d7252143a73175cabf5daa8c6c34d11b443c3759c0f90042c6b5694587372574418ceabc27b445a5257c9276b6c499059b89c431681eb8e307647ba16801f6ea0bd9c8a02627c56846365d43411d6f36f06f9317b736d376604f4fc5364e5364556b37e96eed05bdd98a70b59f17502f96bf0d5ef365c01629b1ac1c19948a40c873dc8b977ded2425e62e7575c0daffe3576dd291fa4100865b5b8b1e0a112e1c8aeee987ff28200a4bac1e2c1045fcd46b18bfb7928d2287de27dcd98bd7ce3c9d0cb4247fcc1b80e915e52abb47b42dd2863239c1cd29acaf97dd7bada1e6f103a3e942d694073e7c47f9313027ab3c2eb50a517ad23c9d70b5c8af0009ec59b4a594589a66c3c0aa38be654c71cf8e2368523c79a0fe66da053a4ebf5fe669fae8eece2c40f917702db3dff2055fca34a1f63c7ea0b1f938b06efcab024ac56001962dac50cba34064498d17838002a47b58a09245816444f3e5916db60c7f8837b55f34b44f27c7218485b87168f8fa183637596d344a2194cd9cab1db1c698e7abde0b38c19b186952c483629052c591e839acb838abd9afa6ccd226c97a304069a5004399dc5f29f9ba4133b2709d1dd085f989d1928536de60c6d514c6032c865a19bc44f88753368bbe84e4792a91f055c1334b9102548aba7d6848b424de6c11d9b7e85f4a1f9f4666d62eeab90fb905590a31ac8554a4d3bd944238873b1144aebd1da5e6028fe2438ef8ef5da3fee6e5a8b9891d2df814a82bde9b84b34cad23acab4155cdb00bd7b800dbe818c186e68e43046ffaba43a606721d3d3ab7226e99ca31a9b3132547a2f1e93bc1d5c554e7e71e29f802cd69f16ab533e8229a266d04ef0ec1502a7278fa48a6e208be6f878b04910cb8cbab2cb2f5e3b63fea7d0e82a0dc985b9225a0b93b8aca5fba96ee402606b9d164cb6d6e6a1b75b80fff14fe6f092ce0c43c0927291d57f7908876b3e92c1450381da5991da8767cbd9bb7636c034ac5f5c0f67bd3c3622fec1a2fd606a4a36cdb060f5d5845b6297e32f56921bf77da4b956d4ba02207606662ea3e43aad53d996794f2b9c9a297a83d79148d589370c519ba68ad5136f2a3d1c144ebddc2ec1bba11bb85ec01d86eb30129929ef258b36c6c49a111b6ed0e6a5d494ae933495dbdceb9048fd16ba82aedcccf5c693bea7b513290c2478c3204ab273ae76252133f340cb69ed01a703c18b89146d86d4f4f297f8e1d86249c3b24c3eee449101f7a68e2e52195a034ff589efb3244ecbac0faf6e797d9e2be9b3ef7cb613b94f6947076294d20f7fc1b5281809a5046e8f84b7012e574265a5580794362febe5e7a4888bf60c2a73c44c7ae7b1ab09a08a986ae8335eebdc62acff18500d0d7611372bd04cb6f402b24ebcaee700767f04d965212ea3defd6266b9142d16644ac726ee78be08bbc60a9fcc68d6d949f7edd2a159fc79a3891321f0b99b42704479a3e707bd9d7911c6026c9cc4f144e9aa0ae8ae627ec5799a1fe922bf719bcc61bb5207e7f8dd8c6b642ac936a8879b033eca9721438e6b4b26c8a5213f14cf98ecd99c9dbd39c2aef12411d4d7754a59238135a5a8dc70018e591c5bf4efd157b1db504416a234848d66629bc9444f7c77b34db0df32c96c3425d0ef5ec9892b1331834124f0c51485560917e7460dc998659a1fb22f65ce40270bb889d1da0ea5300a3fb180e4cb75a6f8814b31930d774813f91698116b3cfcc3f87c37c45356c7c823975d92ad4ad60de2d5c630d01dcae47df1b29e7096511d1a8416c335dbc007d98a23deeeb24da9a6fc23a70b59987f4d3e81c34e75de5e2a1cddcad246637ce064457c448a57b1ed48a2cc53e060233ddf9c3bb4c362d7e6fabef4499fdf6c09c515a9a9f1b205193c165522367554285efe44ba0f49657689821d15526a66314bbe1143dc6e9e2f594b666a3e77aeb00de876dfc340e2ed029931eb75dce0f6c32ec7a01428830c817f25971b4bed6cb2e689da582215f5cf5e202b6808fb4ac699b47749001a97831d703e3e3d3da7bae7100fc7f905803c087a000a64cf882159322759c93c793e5dc6cda69e11e3a1fb449618b3953c124d28399ca69b2c541ae706f52cafe74747e3d403c44046c1c346469cc78c219b243077d77f5fb78d71735399af5ac21ef2a648eddcef5f1bf0c936f54683d992e20a4c94e48e8c78b24610c85d8f0934bc68623c2f97dbcb41a72944a3a8befbbeb4037eb0acd932e14f89717249d75d79c2ceafc10e0fe7c2780f6205e01b7d87dd7b10af345ce32409e387781f3ebf816fefb7ab67e0d5d4d23233960ae19f9dc4095146344c291fae784c6005d331eb433bd3233e5ebc3dc9e78a36e7f4a74de1e0e92233e54a3f52ee052158bd7d6b615ef6ff293fd832e4da40ee225aab52b55c17dbdbfae07d960234d8cddcf586629d823f097764915ac181762530680fb577a8f6e22786d67fd2fd7b4e5e8162caa0ece9567a5f1d861c2cc61b0eb0d073f7058606653786d8cc9da6de7468a8eec9dd729f11e6f23fb37ba467e394f8014c78f71ca0dfffbc3eddedc7cf0a25f08195a7dea524891d830c8c560c40f810be2905522f385eeef2ff52857d842b8fd1ce622d9e8bd052e6da8e8cceee20af9d8eb79a9933c6b12b5d0cacdc3e2592371490fc73dea7737ec1e5a23b1b8a53b653338ccb2551195d8ae48452836bf1a46a748413e964d371db2347ff912635e31b3f2d047465e6ba999050240bfc7017563e4b91e38ef961376a98e2409a81b4c85c3175feea76c149de1d7ba511bcf4d4c58be8e2575c5a4316c5cf752772d7796236cda52c326ee90482a6b08da7d0c39663950e0fb1d7f412701ebda18d32a8e8341d141395cf1c475d9f2b210eb234432dc14d47969fc5a2261b7ce2a9f82dacfbc06a1819997db71da6415ac5a7ea89dbbe9b2495d5f2722ada1d325f8d2730d432bf0c9013b0bc739d5324cd13836a4c14f27fa58bb98c7421a2b4a266502d19ba10ff24ec963551aac194689c7a7e16b68afdfda772e1e53ebf4971261ca21d752525b73cdc51efd6f884ec90e5eb0f580ccd7b5e0032a37f10376e6f55174eb6f438ee44e425faa47954f4e5a52a4f15c6ec7548c079abceabe97881c78a9a2eb6ed7280d956a95863af8a39602f3d0649d11ca95853bfbc196a1a0e3a0812b40891d0a8ba48e9f7bbb96345fbb8c0f20a6f13bda5d1f929f3916e91f3f67badd461feb7f94cd0ed8a1fff8432d1270d50f8eed5bd3fa108f1e07e268d103d0e3ee449ca78927f1ca2de802b3836236052c4d99b0fa3e886b6f6d26e9dcdb161951bf6935041d1ab3de7d24c777eaa334f4528bcd9ccca246dc71bd29a89cf839bcb4b42319700dcca907d80d9ef3effad4fb39f90fe18e5a3c2e0e094961ef6b5473cda953ab1ef64afcb07cefa4841ff43a9c4c8325d30cf08421696381a47b7fbbf7bb186b027aba0093cd283b5da86471fc9d370f3e8c529f1839c40c383db7818d3556c56eaf33e218c11c3fd79d6296b33667c92c5e2b766de6cedfb6358632ea78edca643270a0f8583be1bfb19db03abcc01477b1ef19c7e8429bc3458f02aad4df5f5042664a9c4cf3e875f3bcec23522922e10880cd4c8e1634626f7c6ba37b4dabb4619aed552ec18f920659a3e8de03e62f44314b6fa8d6e04c98c8533c39f914998145ec795040063c07146f3eba5c1608e4cca1a7b34ab9cbe46e4144503366bf6467c795015c74b1dcb316b10e457b37dbf7389ab2cd5b0a918c6e93056aea45a406969cb6a6f54ba1a4b1c2e4dbf14ce22c33cf337a22c074e8f5659813ccfb1549c1cc580e34d0dc75c86780725a752dc4e07596aec3dc5d9aa33b5fe241bb47c2ec66c01b2f64e80d81f8ab43baa153465653d2f2e39239e8e65488555538a49ce474bca7c450730d3c22ed9315cb77b967a649cd17410340820e7d0c6a6c1d013d641a8d43e8321cd39ea27f9c3a1ed9fe5704e696d3e4cad4f9c8ccbea92c0134534f71e6a90f71370128b7496d5b134bc0f5afecd01b23543f9d5ca351eada659b2b24e600e38a042d89498bb3d2a82efba8b80ae37216ffdec3776aeeaad4c4f4c4c5cb8ecb734bad285a43e5dd6c5a3066153d6890115fce3a36373555c3f9fc1e14f35026ef262f8d33e355b5012d707981cd1e9d611de6d701e6a51b6f50fb471e1d57c4d774b2f264b603d78706fb64f4f66e8d8129eb710080171e35acee049a9eceb158c49c4b3160abe775d0f5a0220a8ab95bcb3b4c4652b0fc5ff6c33387770386648522d7ae28523938be5de84e4c3fd03f04e73b48a59085784d34de752acfb5753d1f458c4ae6beac29672816c5719fc39a08f567de4b7df0e2bf6344ce24367b8e1b5191f90cc4927f1b222f282c2f425bafeef31b7bee0c0b940ce76fae7ddb5e10ffa1d46540f4a25dedb6f82b8ff624d90ce8a9de2a1d446bef813e0e906e4a5207e668737f6811430af9382b0b2716c6eac40eb570bac178f1f5a743b2340a2dc210658b76a13392c30e519c187a1b5018a1dd749b917a7dc08fbdc4230c9fc842fd0adb71cd070435f0d9f1c6062bd4f659141a7baf1c1857e9a6d311a4323820fc386c0e46c05fab5fa5204b2ffbda07258714a27e02879ca56dbc3f7b2eb0173d9344dd202f2a3d5647fbfc7bca1d46949", 0x1000}, {&(0x7f00000028c0)="af5165c1d1f28a59896856985bdc36565ede3d39251785a58a09cf1973792b99b02e982577bad8f21bc455ca0193181d444c5b256d7081d1cd00660a6ca9da9b9173bb2e68fab296b75494304ce833545a24561143862eeffd9cb1d5a1de1667e68bcdb31af3a486394d7489912b8b818644952865512d97558032eb69f9484a3bb60b4e192479c32284f7e343169c8cc8bb728eec5b2671673977a75725055ec4c5ec7a91f45161ca7a499a455b01cba9d2335db633feb12eb634faddba5b03", 0xc0}], 0x3, &(0x7f00000029c0)=[{0x38, 0x136, 0x3, "6e461626c7e68219e300832ee74aebfcc0f614f791dfa7b4c15dffe8c0969c40b1d4d6"}, {0xc8, 0x13, 0x8000, "28baca9df841795f9acdc091243f28e625102d12ef4fbce62331f088a80b30b8ce234f94a5cf88bbf5105917897884d395a5d6c924fb7a48908f3d668070f7a0f165fda2e52a081e895440b727a80ca8bd3edd82c1f2f476840cc8d9fe580d3a0b33efdd27c8a3f26d490a99ad7d79e20ba9b9e5790a99517c36436f3ceed8fed0dc199e7e2174299b01f65d45088ae988d438db52763394eeab345083a2a15cfd4af4b4af5a48d33728fdd51267cb473da039e257"}, {0xe0, 0x10e, 0x7, "5122c8acc9bd89e183dffbfac484ed167c4d9147aee8f348ce3e3a84f63ab05ecd63ad8461ac1581afb6f16ed904dcf0bc73de717ad15a4f2bcd9548bab426167125c8412ef4625159617242fc0bb5e53c225ad40ec17b503ce65bb12d971ff522392ac22cd090c215576e59d1b122d68793921b027fa74362ef43e35c092d4ee952546d936bf865c4dc6a50ecb8e531c9927cbf870b3bc364fbc0ab9e9665e131bf43e4688b910b67efb0a67907967e85f4e3260ba17c93a58685664fe609a2e7528c7a86e6df1506fb57"}, {0xe0, 0x105, 0x6, "f21351c111ce5651829b1acd6fb7c33678044cd57205121adb5156bb4fa1d02d0123e4dafec2aa831aa88f31986b378e62893a9e94ca5fed9323eae5769b8ccf4eb56d24997c88c280f77b03d87402aee7609b9ff3449948bc262bf0c2b50f4edcf5afc70ab8bd17ab3839a7ef71909f3005552de62898b4d771c62e6b7c195c623756f5477adea0f42e8e3a6090a1eb358861d356c95b355c7f69e01ef921d624626f69c919cb58b971b872c84567f122dac7228dda86c6126db3f9ca1e8b807e33182f4ce8b47f53599a5a835d1ab7"}, {0xd0, 0x114, 0x8, "4c0742ed56d4b847772f99e0394f85374f4ca84477ccdb2a3888b6df9df0c86adc388c29569f816128a69638bd5245d9980ea6f62658fbfb32db1652867ef98e44d70c4d3985286c7bd1e13bde1073e98b61ef3f7ff8f6a5165223095c5701948b9ada5250b199fcdbb6d4d7399cdb6c21bbc2903a0bf1c3de08268fdacecb0ae004d7105055251bf4894a27941deb5d82293ab669bea924c9e6ef078ed07e777f77472853e7ed66a1d7429705b050a2c3e8f71846d7e643ba36f0413f63"}, {0x20, 0x107, 0x345, "dabf95e6ba4ccc8da35bcdeba6"}], 0x3b0}}, {{&(0x7f0000002d80)=@nl=@kern={0x10, 0x0, 0x0, 0x1000000}, 0x80, &(0x7f0000005280)=[{&(0x7f0000002e00)="384c710594b7d6953aec28ded8c20c4d80e3d08d7aa28ee4c0353895bdb4586bdb3218c181b9e4e9e8efd3e08531041927647a5ccf9ef2b1ea725bbfe3dec446f7731f8c28cb9a3ba61e16542e8dfabcc297e6260510e625753876a22b8b657e3294be602d9bc2f01ce3dac0031bf0b6c41634d46a8188b5e5a7f16e8044154b2175894a9cd78a594260a47bde2755d83790ae03d60ea6ac1c94f8ac1a3e35602d1e4284f0d67ce15c6ae5d84fbb9b47c85972f0668f5d42706e4119d2cb0a", 0xbf}, {&(0x7f0000002ec0)="8dfec8a9998ba9780ea818e27fb6b671280435a2a28599d33a88398483e8948c536854b37804c05a090f8350cd5626e9791c4ae4a6227cbc12aa0f819df237c39b6d1bdf184e9f086e511c9de2d8f03ea19eecbd508a6cacb3574a55db69afb73ac5d5f5812ed9efc372f54d5543a16494eb184a151a456758b3ff7e53db3d89d3e426e9694b6a5c2bce872845b569d13a411a0252604e14d1101e4d197b3bf5b01672edc56678cfd3d12689a51c47b72f1c92eaec91ceda2fe102f172c46e0b8d646e4abbd83a1df63e17c5bce1264cad12017c757a22ad3ddc08077df45a98b954", 0xe2}, {&(0x7f0000002fc0)="f9f1f52d065211658d5c28501e9b425cfadaeaaebde49df4207035d443d2a26d6eb659faa308124a02db10f8df22d205f18c3d04a8826a33304fb34cdfd90ddc3e6105f4f64ac9bf8ed9576b5c8ee48d46cfcb3a0de694a0237c42de03677279c40dda3f3be5c6eb5b9b5c8c825d226de8cd1688e59845f1c9c656df79e183c300da0f709c4f629bb34ff37171b51634e4bce59aa03e9d8cdf211ebb34f9f20aab0000b42441a2da20c6e39af93f5ddc3a8014895720c0e77e01dad7cff8f0988d4c77f3aad22a9a995e0b", 0xcb}, {&(0x7f00000030c0)="01d2869bb16490857ef4814f5f78b0d676d3d581a1bab413070a9928e8685d0261fba54a96ddda1ddb0bb45445d9d5de9bb71c9839016b6a02c43f8c40bebe658033413168985891b78f97221a897eb95d3379deb4abb1d9d453b836a40a3fc55b575315a8c87be71e5d6c77655b95b7ac2c485231b9e3d0d7436ac1feb622ed7fbaf8d359b20f35802aecad1cdc5b320bc5eab1b5a38ac982db697dee334592c4b4e9324ff31106efaa563e295a552bf7ae1761dbbea0c7", 0xb8}, {&(0x7f0000003180)="3aee5b151b83095dd31597aa20d24a303fa35bc6252e1bf53fc5f41ef00cf4b3c99b3b0519a015866713abc4a6de9411e46251b5d857ac7b42ee66a6f40299d8bca379c38c487a043a00ce3d00ae944a5099d058203930ab755f245adedbc195e5e34b90fbeb90193dd955ba3366e24822fccc8e466cad660176656402639175858f86f3d831fb06306a4920b9847dff353c5731ab2ae7ac100539bee237d4d74f51371c68a6ef01530d96ada24b99c1c4c409788a803392700ce6df40a40084b825785c112c264ef58f0ec1eb4dcc9d027a535031b879abee005f04219a0d8615fe3a779d8f069fd55f728727bda24b9e523205e700326b432df2fc2351f2866736097c2731e93b546584410bfa484b5b87cd3422f7c26a62c80be274e0612487aaffeaabb375ebc079d3dbb2912f70f6a79ea27792642361a64e908a913a306d70e4afd8463f7991cbd3feebe6cc602e9b1c5b4750495513aa9c1da09b61e33ec20b866e541eec90100062f86abae2b4a11745830697911af2fe965c0d87a92cbdf50bec22a62d7b8bcd8525eae1934f5d5e7fe470bf487d24141c4b531ddc0ab86710327eb0835d7595bf3dd7b82336c7020e933c7b70a30ec2aab4ade5c1aa2d210bda86267e284de604bb4c5854c991fb56f7c948bf87f7fb78c3af8d58dec139b8d165f9aa148659f1bcb13230a19f7cf3d5d109e45480104b5c7b76d9f0a991f8613f5348130ba9da1a81bd6aebc3ccc12953793b6c0d4954194e65094912a9bbb4ddf095c314d840629ecc0f40630632f5709d26a063049c5d8efaac5f29ec30672c7c977255b8558035e8785ac8c610a6865da1544f6c9a17e78e064f89b038de50ad1c6aab54bdf0ebcba187998930b58a4a5db2852ef06eec1e837defa631e5988cfea4c5b6a475f11f6b0b7d72ce63989ee91be131c287bfc29e36c921eac85f75f9484b6215cbdf9d6d76db108749622926e282cf739afe6d9e078258fefa2356b949f8c8f51097f608bd77bc687787ec28f58db2e8674cc1dee35085d388f3cf7929d117b4fc41aec29535f2e5e2b8110ab04e453b2891888181d9bbe599c4d35cf1eb2eb397f53d3a9df9211b7994d1c454faebea7f1a057690641fddee50a16fcb7acf34a2e5ec68849d62db732d89de952319f9da7025e10d7adba4c2fb10728512eb2c5900d999fe922fd4319a97bfc56551dca673bb50af6345ed418fc1b207d99077955f33e98e1dbed330a1bb10e5758dc89d5210534c878434e32b750ad78560e0829e5d142b1c921ec34abbeea5f3564036af228ddcf02d4b15a3122fb4eee01da9531ff03a5324693b11b488a4e46903b02dc3db3081617fdc684eba36e2e4c7de54e1213f1fc8dc0491b570ab488f2503984022c5b383a88b1eb468b3c212d8d249df113c42d06944473b4c9d3eed63081a1eb97bfc452463933b6f7f450d8312e0b5bf4984e74e221535766bb495e3617cb7e768bf05fca29f13f9123afea636d76fcf078bba17a6370f2966c7f393e32f3eca29be5534406dd89d65ee14d6aa0da0c6808a6eb075cbe065f3965e47a7cfd9ca42908a901384e2abcb6e3f6c5d64dda7137b246e40bbcb2ec0502da9c6fa697dfc38d872b020367f25bdb5ef67696150b752b97aa48151156edb21bd6e7d4abd3d174dfa4b40e12e435e49d6761f287c56a201d3d27244667f2089f705375a6f7aea8b03bae82e1e33f9a15aee7cce4a75b9b2170926c5003f64d353b4fdd85f11e650ae7491905a3561ec041722044ba03882e6412907d04ae5859a9794e716db5e2c98c9b94184980053b942a68895958b848f878db91ef14fb9a8817f7fbc41a282e17278ce7f6f34a9a67a5785745e24287d838fc70887c42366f2f8b653208d5e430a75b039fa7e7cf0d592f2d3001ca338ec517888ebab2a3d68328e22a03c6f08754828d150214af63de40a77c364ac0325e54937a5b658bf8763da6d0b335812bee22a97a98f84d08fb262ee1a5f134c9f39fecba23fb7905f8c4b6fcb92f67c76b5f3d72859077bbd4817494f6ceb7e94e3ffa793953af0493170d7e09b90436394254c3f10971f573821e88c38bebba475f91394c1c23eacffd01bd1faed96427f319c869f4556f11111037ba30513f8307f354e8ba223b439b0e03ccd83978a5359bcbf2a032eeeb785216900c768a97d42e569020304e60682b816f60a60f7d547ef01d61798fc63a1bedc0a7e867228e879c7fe5aad3eba7a4a28e2cdb39b38f77bcb999df5b0d209f295f0f6a38a46c24e78e8e2840bf34b6dd0464107cb27c1f7cef92e3c1e1ef1d8a6878a921daabe9485e604ac73f4cc7236c9604ea338de5b72a45c8f96f733e2f9c64aff49ce0c915e9d2267ffcd7d8cac6f9353ba78d764bab716619d0053ccf939436b47561be76e87a1af4b971259d9dafcff03778ecb15d302985427d98352040ad1fe2ec2e59c6dba5e1ac1b61d2065aa6fdcdaf51ed149b029a80e4f876d8b74921793959f78a85db4d33cce4f1bc99d5053da5ec39497621843dcb506833da1550acfbad8dc492208664826000cf5038251d89c75df0b5cf181b551f772c80d1487bdd68753d429cb96d5c2b2a52cb8f31802821edbb40271d042061b83aac80edca30841605134358a98e8e551c289c05ccbcb5a4ecca1242a9388e1f955d5c8948545b34688a1b0bc9ddb337b2968fd0aec292dc82f8c7e04f8692b965f46e4dd6b416520950b4f874d4a536f57095575fa08060fdb8ef7faf2a17da850a77fa53200c30fe5f57e932c22f3086941b8b470286b08b97ede94560ed6be86de22e44caf34826e9289fb2f95e5b7ab17c9b329c56c74213d4a107db0d07c34b14aa9dba6975d88d910b6f37d1b196407ea480b6bbef980231afcea851ebc074732335381f158ce87ac4ab3b396a2138104e92f1bfae974687a418731b338cbb1a8f84aeb3036a14a09f051d022f25f5e4f93b8595c27992a1bdda7d83e56aa40b1239738d0aa7ed7b7ab802343e906425362365fc76c638022ec10ba52e5192a333d9eb1345d51d0882bac4c9fd704b6cd9edc7446895d209e135d5cb73df9b0db25f366f02c22dccb387f42910d6412e11cd4e60dffbd8abc219140e04466fb949c374980eff15f99eb466072c3e95773a66629cebc3d22139c8505c97b93fb5f637204ad510c65f1d360c8459f1ed4815ac3a721d9defd29802f118eac02aa6198c0ba240997893d178d095d400f876bc3803f614f73e9771109c077555dcf4f4063f2da459b2f6fb20f445ff8b9064aaac21f97c55a66dcd32437069aade47f33ac14b767a4d2833cf8a55218e33a8d82ed68bd79e7caf21740d93dae66f276e32958d105844dfe58acf7f308f3fa948b825acc670c961b936187a6808a5c4c221d0f3c108e6ce66b1310c747e89b7b0bd9149040b943523d7ca4be68e5183d8a7463c81bb329b673d60f01e3f5edc8dea71241a52f94ac0d3f9ac53cd673ef842416465f33f215540a7691a3ce26575f6892974c90168a2d73275ac799b1ebf8ec1970565deddeb177b880f3e390064b8ca0ccddde8a69e93c8b5fa4e503b2ec9c29c7b6e42e8576cb8381e6b5581f5ca0c6ca00978e8330b90bb1ade88f2c9dc3434f4744f17da433fdc9e0971584bf68cffa93c37ac3c5c0e602e5d6dbeb9759f6a10657e3620b6909eeb1b27698a8f91889d9a5eee300ecc82186c92ee4692985c54553f881e6955cf2a2b6503a814fe75151289f4ae9decab3fb4f262ee80d73b39befb8e1ce47f729ba028f467b3d17f8b07909ae6e9dc74992f89093c6f70a4b318ac234a40d9f971ec735acf6e4d18a6146cf065e4c1565ab24a610601778bcc07ce63f2d318284cc7e29d525e4ec82aadf56df260e5d5baacd0164f6119defe91d1841377913ff5e7d6650c76d33a3ce77fc013c0d2ff67aa3bfb5fab17dccefbaa9c3e92bce99c3b6c71f87d3a9298541a05016b7acc7e7e149f457a520b5bb603179c9912bce9b045c3693c792008c69588e03a9fd785cdcf678f6c3162106f9b44d238e068521ba5836af3e7ad080048164921df7b5f05c140e58631e212062e30571094909310e35f165a88bd5392fcb098ba70cb14f7205919e73292cec819851592d3dc36d019ad0f107a5390d02cb8c05054d91d69f81c2f38ff57f9c83fd45a613f0df2ccd8613812eb48333fc7dda757d4b4dfd113d19d54eb6d70eae4427b356401d59a6b83292bae3e0c9579779a0b4d8030e29ca4bf33420fd1116c6c1f236d6a44446490c3d0ba1dda92c7055bedc377be477bbf1c52b364e56f72e6fd84c0e13eb676c9e5d0cf322fc8367b70383f10a6f37a64c449d19095d7857f55b8c484f950e39a95de93c6d46d2eb5eedf0ebf3674df05522ad38e95e7a480a06bc29f05cede341059790f4ff91629e89afedaa6b246c45d2d80631b4af89f830159ede6b487c70af1f2d1eb9aee513bf7cbbf7f1c13bd3b5a9f8d21a2bac6f3c8870ed4865f6c5f96d6ebcf066445e113f30239a48ed312ae8a9ab90f164d6f50ff3ff444d382abb0b18ce248a67fd326e3576a95bb1ef3d06f4f9d72b7d636fd170ed034e4bbe69bda007ffaef82e057d093b6d80d5a13f066d7fcf823866c097de92059e7045890a2dd1771ac4355eba7f689dd5d90f044857d3676b6114635d7356421a24b1d597b5989425fe8dbcedb1ba379278ccb5d5c9b39fe2c294e88507be88980ccb30301fc4e8b3577d04b8e8f31d977230bbfad9258b5e1422d700f04970ce9db8c2555006615a7c841735b2a3941ca3ddf383647faea9554cc95849b1613244f3187c028c7255ff9fafdcdd86c0b53dd315cfd5e87eea28afa4ea4b57fc4df7ce9a47a9843c72b9b0183a00ccc93edeed88108e75b5a5b468ec17c552def27e9c70a5b82aaf1156f6f4edc5e45c585c908dd92d38300790d8077b786785df4d1798c9db2d28a334080a7b82c05f09dfea3292e98d8998ff525c4341763d0851c6a9e5407b819a0e3e6c0e29b432876063d57e89ca54745f6b494f99ac3624e95a3eb8cb8ad0e446d691afaa71677f34fa008b6ec447d94cb1e3fc0b0b60f0c40b8799b5920a375c6348c08916e853e40000502e31dbaf754ab3da5d2c3966a4b03b5cd78252fbb4d2ff0f7cd4c12bbf63e3f9a4a6fe8fc954d026489e0b00ba00e9e6a66003156058cfbb62b8e8077f889132855f04c94b5a2cf82c7295f95f9abd523d1bbb694816a08fddb3a4eda21a7bd23107ff847cc06c422a5dbaac80e48419048e0718433e18dac230774a38517577d66dd9390a860c93cb312cd8c90bb0baf7e7e7161b4f55c3736929c0b202c0909bf558d51271917a68cb2555ced957a14fdaf3cef611928d67dcbf2a3a7bae5290d06ce571044e600d6d026ab11b6fee4dae54bc7191da7fc54308e813276132b2a3b64d48b5a7019caebfb33e9db7a0936e724007522fed38798b35910411f5188515429e1cfa27538eb458986d0a2e21a64ba0e4d4043343fb021376a8f893303feeb40f182f7365beefe5dd95fa999138ccfd1d864282e07f3083cc6fd6b2994643c6a949ded77aea51f5d3afb9b1f66e135c464f1314eb490a08291a949778c87acf8c1f1690d94e8142a56570ccd992627c0894f51ee6be795d8a7468e999b2375c640d96618c2463bb3e50ce780348c2d9d9b963e9198be769acdedb85a376d110c5bf3aa11a6fb7208f4c4a6915d86812862bac9247320a044256eae6160580a836e32957df45", 0x1000}, {&(0x7f0000004180)="aa20677d40e2c2dc66f2134469c65efa3ff49d277eb6e595790d52e64b2255ffacf03d5fdb46eb5652312ac1fcb79f9d712fa12d1c067292639571647582ddfc3be95170991f24810a2b23dc851515bc6eec94f8761aab0b2e239ee0791feb6eb460c41d0024348aa1c7dae4cd3e23e0dd20685ed81219ae00824e8e4070f58e53088c45a37d9f29f20967ee623e36f5d400e8e2d21e88a7fa29704125b0aeb865776c19cac32ea28c2f92659b7a41a5895e1473d7222cd1d9ba3dbcf1be335e735a0e4a9cc898b534c9f81a742ce244cf8354d708120e3305b1905bae8546046a3018a05fdf1926654f1854bf5c593b0a1f7c71155ce5d2f26ed6ef02df8ae8c770ee751d1ec4e64fbdeb885790078f3d22f7d45679ec49e8f9bd4570428f69abf9ec840f94d235ea3c80bb100bd458bf3d8c32b8b1595ce8cd9af5e7528579f5137f7c21eafd8324f0fd4d23a0bc58ab8d7a22dd7f9128cf6a3991deefc7302b5d39434d328c3ce5ade9e1e9623312d0e71368d44e6cea32a26388a4807dc1977db4d6d1181a6bdeeebac81a7602f99f4820115ae61bbc23195df5a3bad6a30002228e2d72035cac2e6d6b43392656b1f8a7ab087fd347d2ff9451548057d6a022f04d3fd43fb2145c9abded748ba23426f4558d6372e1930c43e36b6aff92fd817ac3ea64595d461a9dd965b6af619801a8e11a2f6c393df62967d50202bfacd7f80ed3916579c8115495695f69fe50b009a1ad7a83d17cb04910eb12ce585eb52540972f52a6add112492cdaee6e44309d62551f5a926f8b56f072319a21a32952649bca3785087a15ccffec95dc63dc2984fcc921e0ac7cd0421c61686779120bba05a05bf71ae3aea2583cea0625c984b7fa32c8054a379434043e61df020d47eeafbfa5bf1b5d646040441eeff139aad1dd43ab7e014f52304af7723de3f1b9b9317e6726e747f5e20bb877459095fb99a8d87d31804a0fe78b2fa7dbb77616a8cf3c09740eade46190786134f70880c8605983403462eadb2ee202dfabc06c97d32c8c64ebfafaa521a260d492e5634ce1730b5487b75cc389146f14d8041b73a549d1f868d05bc4e117a78b1ec04ad03000623f3305cd45549cbddd595ffaa669462fb89b75cbbe3ccd579edbb28d2d52a56358573d2dc1cf73de599f5dd0fc426f45c0e188e0164dcc6ca5401f9b67c1809d29f3df6a17ab8ad45c4c525247a3c0af719d980427d223f1a58970e66134f2e944f0d8281fe5e8a69500114d934ccc68b242cbf3a440d897211d8f40ff9f091c8d8db5524cb2c5bd130270b5cbbcdac6d06ffe9c75d006501dcb5d149638c2a7379020d9d4d2d2e8a2a2c9d848cb351562de692cf849be4177c3cadeeaf63c263c17723589e20d3af8b2abdf51e17ac5612eef2a045130dca227cbd2c77eefe9b07e48f09e60f84561d7b47391bee4cfb782f423a0fcb06a210d80b023f27890a4f8fd21b04539ed48ad0e0e89a570b2769bcec3bab9df3ff2044db58809db27c3c4de5836293c5f552056757792ac02aa73f51793787ed4775b483eeb2baea982b60befb5184f8c187d392d6ff926fa653b4775d3761589250d56f3ffc226922c22e7a8ef3aa17b4f5bafb17e9187989716032255fad457ebc59e74a2b3a65ed83e98bb66d5dbfa3a4b6ff3dbcad68e2508a282523847a121f02cf5b295ddba734c3f41b8d7396ec930d6181a3694bac21a3ec33111bcd90e6b2781d37b943b5f9a739d3037ab9e44840ab88ea99bfb42997cd275cd00fd2b325d7cbc958df8c6b1801f74fbc46ebf94e1840346e615d0f7732bfc56d73dd6f6d24d1c6a3b154f0292dbaecfa38c219724288060fced9e51dc5fb128a66ee4502ed76ee329b1e7d985a9f29dbcbeeab370e588b4954013bebf837ad88a10f23a83a257ea9d008a61d0b8a0a7e893ac7c76bce334fda6115211cfd1ccc0daaad9c70a5e6f5c652d6b088cc97034f2e28508fc5d45f1de2da1eda5e4bd92405702e8dc0323f4e0f0d544c5f2c8d92df648969ab612f96740601eae093342813a5ae6d7b45c6700810472ba2edc0da4ee7342739972444f580c516714dbc8def83a17384c0c20d8aa9b435da81ab751da1fb9bbce9fe3467d2b8d17de09cfccbbd3c4095897c52988f7ebc9843b8b14ff9ce72939965b5d67c54df6f07b4be2391da877bdc5ed1da5f1d047fdcf3f7ae0a0cf1b19517f9ef4b92f8a256d111b4fec760e1ebc87380511876541bf629f20902f80b8e8a88bdfd6048afb22795ee6b5853863779d45be5caf5de4731eebe7a7ae14613bba55837e8570b5511209a12c2c9aaf5cc5a19e0f74c2150aba0888b8e751afcf21d301fc2fc346a9b027f72f3a9005396db5a30bfa24cf201de760ad78606eb0269e53e6ecd83e709c50883e8781c664bb7b1d4c50d4c658bf5afe748855d1db56cd3bc97a4631436533b144674235bf0571713fb441a2b657183aa7eb95c9d4a5b7efaebd98587c71a31778945b6e74febb8516e7f3edb90309172bc7a0d42e25ea312b7a3e01ccddac052b9199be1751cfaaa60705cd29ea15131036c3ad5180b038e3b50258b9a84de60721a296ad8ddf38675660c2d00b56a059a504b8bab7cad282e3fd3342bd8ed17d0dec1545e06f3c60f67985c09139f2c73a887e4a8c6e3d3287abb4bbb0f5e1baf4cb7e9c510a58155a334058dd34a1c554acfbab4964f27b6f26ebbb789e58b78f5634d98008ac86a6216102689bda6814c3459b7a8073638f74fd59310f22e450cf4b0cb1b100239e8d80260448ccfffb6ab6c40bcdce2f1b21a187336934c57ee7c42d418438445543b7653648b8b941c587279e32125ee599fe34f7ae1a2383efb9beb4968d3373af6031aa67ebad134a6e67dc3f1ca4c4f0262f3a3e64fd037cfc3b2fa7efa4e5a81a0e70cb20479f2a0c0366a9dbfb0e1be19608e24f2a4883cfcd2a2b4b7c415d1c100b836d9fc2ef417af40a0ac57f3569919cc72a6563fd9c7ee340c1be4b6838be57bc2ab9a7468371a348348a57e6f4d1a3ca579b3ff74e6c6832600e7a847af3359195b0d50e1dfe3b46c387a07fa051742d2018d4736883e44f757ae1b1e64e5a992f8837483fdc6460dfb011a144da604f515fa0783ae3e139dc23c173e71c4418b6d1f9b10b05623430869453de9230a575f999aac77c65aadd42f1312b5c8fbc211c162eb6e600428067089ced688c2d77f34a46fff5dd423e0d82b4ba1c1b575c9283f2a0e05c087c790bb120fd8132a6732fdaaf29e3fa8b6c798b49e68a38b2ec53d45753086a7069eb16eb80412210878ad5ea1274d7e8903cb0d139ae43893bc01157758519d908149ada8db323fb01fb306440367a20f1b96cee6d9bb4f2f105372bc269156c3cfc4c35156a5de8bc52655dd4404def3b902510dfe7b6db8d5eec49ce1ca0161510d33e23401b98b7526cbcaade73ae1ae7624faca81486c61c8c2e204db7d1597714f3a3dc2c173c754d8d1f4ba0c0d5299662d51453178be81ec2c7511e6b64ce752e981126d3ab9c784e5d0fba4a8abad4acbcc7d16bcaa5955611e058264c69ddeca4fbe873b1724b0737eeadc92688699e550367958cb68fe2797551a5ce81800deb2b3d3cac61cefe51915d2c1b068bd825454e31a1dee59ebbf7b12aa78e1a127c4fbefe30d3170298d741afc6ada37c22c8fadb514d11fd89448735ce293be5c8e8c8660c2b79cf0c0b124c4db875cb85f49fd00e4c6998417f521ee5e2e09b29abffb1f66d02735b6958ba51e4175ba5e18aa488e65f69c37d1c49fd5771bb18c136e023102eba73f9671d58722ce44aa6aeba5ba694e6b1b4e8392d4f51f3ec73d279eac3b90b11610f751dc1afd24b6006e5be82f8be3167802a18bc1e6806a06bef5683368a2af9b12ce6e94969642aa6d6a8baba7689a3d342ea0a5a2621e9e8e93f3d0e183a6056d207fd4f2b473d2a70aaf9b1286b97ce5ddac8cc44ffa454c63605f173c3b352746742699c5204e20f355e6dd46185c1e4c06fe51e08cbbb47cb4ba5620466d4f41bd8b976a23970da155f89fd03db57a8b7629a0b085040ee26984c06dacb8394b882e4570120445be9ffcb5a2c14878c58ffd9724db79b1200e9fc937b3b0bbf98712bc625625eeb04cbc5557cc6dac2a568d0979dc7f1122f5ed171dd9a66ac86ae29ab6a5b4a72a03567a33f8cd37031f24dba976da1afb68c0bd51c2cd5daf3993dbf8ea066c37f22ef7b7427cd4b7169f6c53da848c23823e0ccff7e56bcbb3dcdfd4fbc7bf84d43cc05a7cb0fc73dba286ca980c25d2914766454fc51ed294d5a07ce3570ae06cc6b2f65f232af491cf1f307735466e5f787d1730c58a487712ba25853bbe0af54c7b8c4e21fb742dc7102ad78d78dabadaccae41cd04c9e941ba1e5da3685ed60a1b6425c8c205ef9c55e718aac224d6066c1ecb0a47d312001f00f6fe6cda4b57ac67c2b7152163890cf833f5cf1bdb8fe1ceb8a40a292e4d7feb89be93cf0e587b78b2d65b34db283a815e4608fbe1cce5d2cbd75a06f48e4f26098a3435f405b5bb664d034d6c194f29333c2579d1a0573ae52d92028a7bdd2af373eb0fc1f244c556e4bbabcd334666a8d525d3182954ae5cde11f2f89c59ca7c84dd1a9988ca34a1cc754132cf9e6bf869d9e097cfd3fff0ee8683a6a9e7212573a1e04befa28193d367f3c7b40467ba0af5a71bfd77d9074674f71f9ee3c530d5912e9deb6b839f4377060a6da3142c4421264e6dff2b2760e05a08b46d52c544f7f476524356eb75eba57f9ba3c8bcdc476c3fc79dc17992f941ead240c9b9cfb571bfe88d258ba0e7f46fe64019463361cd295283e79cfa0d99480d5e2d3654e924f2a8d5fa2ad6e00117802e0c973e3b58896488b1d5f22818b072926e186be76ee481ad13984662c030a54ed43a186c9dbac4736273af889b7ba199512d88eac576974318836de311f01190b8a4a4a3e99f8b3a087602de32be89a5ac9c9785728f6d71210bf8f8787ff20636399da7c2f7b096a3eb0c94d023cd7634209f93ed3701f3cccd27e1a5a872436dfb407f0aa10931754ee1729187a3acfe7e1632e7c603b4ca55ebfd9b968bf2ce59cd09236caaab63690b0f2ad2ea329edbdbd905531eb86bec23d4cbfc8f8ef55efb27894beca7932c0a58808b1008872fb7bca422f2bdecf494979b00fa12b80f003e14fa2d0fcdfb05e96f071a0bd545044e5719a4eed209886e3b50582835babf2f940fbf5717b72fa0d952d1ae7bafff9d1162a4c8ae8aa80807a51659bb08da80bd655090782de01984d05fa635d296e2a7f5672c462998c0fc2478a9cd46fc94b64558560bcc8d87015f700d2a774873b2421af3ecded137b96af91af3e29593773f65404d08560ffcf6bf281fb07dc3abd8ad6c0cf0fe5a00f962e6b9604619758d8e4ce8fa5f3a7c1185ad36e1e650310ce5ce9869fa9d4fc4de0a55d393e95b112aa2019867dee627f0466f4326d792ac36ef5d2fee4c41fa61462b08a5cc60c5271ea95a72a78b65e3b0b47900db6378fe7e4b6683fe10349f87b282155ed8a1aadbc523699ba739f4bf439da03ecbf055b09f11721bf3ccaa2e3829763a9cb508c00642f9e276efbdbafd7aa2a3a5f64316429da2d51064f6aa5b57e76bccd8f076324183e9e2e9e5d0138abe5c40a5f2761c1915d4896b2068fc7934540c0a894ec930272218f972a5d0222021976f1b4280e2bc9eae918d7c9468b2a10d16caccd9ef06e9f82c0d57236fd9f47", 0x1000}, {&(0x7f0000005180)="8d8836b263092459352282d0b8e705c0fdfac8999c5a292c414325b0b800cd0a6c046dd712a9db23e51eb85cfffbc36fe449b382d4bd96a7aa6ed691678b8824bbdfa80d05ee83e268ffcfaf9cf5342eada69b4be701f70a566ca9c82f372c8f3dbd14c184ffda941bbf4f81b8c6cba63bd3ce91585b3e18e05d8c50d24dc566521a1210522332cb3090096c3ab76abc9199a109cfede0f48fa03f28b8dab7d74bc2a27b5ef067eb319f8923bff82add6325ce62350306d8dda03149b9ecf86dd6ad6d92efaecfc9", 0xc8}], 0x7, &(0x7f0000005300)=[{0x48, 0x119, 0xfff, "6f5adf0c79b6da0e96b4851ae52827111a8608f51c42156b63309b08385e18030092c93f5c403b1ef795771e70e8f0e75b8500df09769c"}, {0x98, 0x117, 0x3, "b65e90ac500e5ac9239787d75ce4e5c600b10c70140d852ec734dddeec0aa9adca5aa5f38020ab013dd15d2e18834e46e6d3c80d045de08df4403fa7dd71e104de70dc0a6c27cbf4fdbc8b3b5b7e3062a15ace4021081bfa1ee2b0bc839c5aae02392553928723b42cdb7ca38ea53ce376199b2102e4f8e67fd9970172d12799c063fe8397fe25"}, {0x110, 0x1, 0x37, "05340b4ba26df3ec1a31bc2b7233c2ad405a4ee00e94cb65af667ffb8201fef51ed4d399b4c00d4628058ef9c302b8f5284c39c2e34d1e34df63195b1af1f242b54507670ffae32441542303c1f230332f7ca646d08d0ac8593eae82a8b5113ffc29d042821badb6bd9e864ee99431e5a413d6c4ea57dbc9d265b16f924e4aa4d06df8a2465d2509a966f40f42c823b326e706c2ae3cf2fec8c704e173f35584b6c5eccd789f2d40fdb1d859c17de3730f8d93266e162bf2a3b101ca1727604095f171e8c9efc656289684aa71a5c60a8640ef1388ff8bb9c3655fc040ccbb95244e55f608fee05e5060254de6524cab03ad8b08b3c528e79df0f6b4"}, {0x18, 0x88, 0x0, "2adc666721"}, {0x88, 0x84, 0x7ae9f0b1, "1a0c5146318343650626f41be1635dbd0ba497dbdf8d4fc86c9a3aebcfd31d994b38592a540c2530dfb6f5537def2703cd430debbb311afb8ffcdfb3d29d5f8231bb0f34617b53f328a684aaf55b6dfe5c45865f48e65af8e8223e192f883fa56b6e502cdbcfbe1a0bee33cbfd7703178c"}, {0xe0, 0x118, 0x20, "770a31d0780f954bbd40f53b536af249452b5ce0ca05733c33b2c4f1e3e462f0be9d28ee9834dfc25deceaac162870daa0faf20cb4898076b70d91a34b3b0b60779db20d7b4aab23b2361f94c61ddabddc69a6cd0f0d8b9a71af1644fa5733da5c0f77d4af6b33ba1a5ab0608e18fdf405d0c50ed1fa9300769a7fc244c02a8f906637e4978321b27d8d0534585bba6b0f3e380e75ba548056d6d6ed2ada21f75d06eb6247880df57baf51ac6480bac567d4906b72d21a8d5290bd2e041584e4fb555179cf86b206b7374f06"}], 0x370}}, {{&(0x7f0000005680)=@caif, 0x80, &(0x7f0000005840)=[{&(0x7f0000005700)="2d43f60ebcae4108b519755a0bd37d58c7875e3e052fcc81d7fe2776b04533653153e5d1f70a54cdd280e931576631e8b813bcb50f0962128b893bf0b95e55d33a01c57fedbc9c8223f7fd129e6a0a6373ba847b2fdc953466ff0fa77c", 0x5d}, {&(0x7f0000005780)="82c910a80100c071007f4ca37360a47b47d7cb1a887a89469298316a2003a61cbe13cfd6d81e2657745acdbba431abae8201e11e2775031172f7601a", 0x3c}, {&(0x7f00000057c0)="2d70e9172d2ae74387fc2e28e6a881c6d8e821f3410b8cf0ab0eb0f0e5b9fdbb8f0929e7bc04cef448e15b4525d2a398ceb58610167b242ce333d80155ae6710b02edb5aa07e5ddcb51846e3ac04c486", 0x50}], 0x3, &(0x7f0000005880)=[{0xd0, 0x84, 0x3, "61bd72fa2736ffe9e474b0a263fece5b30d29d91a45fc63a74c2d43624977cd31716781534a715ae0671ca066da7d2450ffc7d8d8f86600b01d7c049214f70113525aa3ed37345d7b09f0641c65e269a73ea1a65079b7d19731563202c18536a10fbaf91c3bba1df7417ffd34d95884f4ce8aa00695d98cec20ceef33dfef750bbfffdc546ba328f7533f7189e5e0f3b9bf07cb5b20ad00fcc1471914abda0f81784fcb022bf3493e31958e77363b6fe434759850c32460418d7fd6cf8d6cf23"}, {0xc8, 0x104, 0xfb8, "6f278e98c678063b2ddc1edc999412229e37afcc9fb3a55a4ff8bf2cbf1e83170d3510cd82167ce4e8f5b450dfebf5b30c4bb371129681b204e1451fb04e4a8665ab15f74654f61cd9b38def19cd0c5ccf0e0c933f4758e624b69c1161edaf581cf482be7a5e00232a22c500b3d64ac1320ea6d57b6f4fa81dd8f0c830dbd6ce054bc663aff430f0da2b7c26b77aa58e6c1dde2bb24847a8feaa39c8b41e1939a2735e3e8e54771922faa70f4098d6d2750c3994804ddc"}, {0x60, 0x118, 0x7ff, "b7ece7b5d9036f4298d74683a2d94fc89af0c4b6b7788abdcc6896948847cf3f6222e86f6ba73b646f784dbee6830a333af384db4e1dda4704d848feec457942837d317d272479617b5cf56ac4e8"}, {0x1010, 0x84, 0xcc, "f0096def59dbe1784e36a73b6d203430d1917b77288ed11db08765fb16209b9466e723dcf3f43438eb7fa3a645ecd1105c5dfa764b6512b3d65e200496b85be361ae67a2f5e1b02c0efcdff63a31c13d4520885971a3eacf2b8cdc7dcba122dd69ee90a4de126b5c9a72bb52bdc6f9518cb2f07dc5ad83d5a91b66f0c40ff0d65adea45cc74eb0c944eca76f391efc9deb42b0b6758b75b6a4881f2fd00119d947057ea4ba1c35110edd62b45a31679a60fb10e4386573612abb291eda20e19f190ce1c874c2b3b555cc513492fdd33089c2addbb2e03a12b4ab2b0c86af7b6e4b9b546fd2571be5f3ed39e6ec9d53f3cc85fce3953441814377375ab3ef95727593c9d42475390ef49542ea1ad0c9ae943ac60de77160dd2870f5dcce513a8d1744f532756bd62aa2bdbaab002ef798005ebdf2ffcca96b8844de7ca7189ba83c13cd2204e32c8bb9118bfc237251f0f6834c9e52c18163d2684bd8b667f0e0c15c2ebd6a3e26014b0f75d2311c800ed21cfbdc574f2502dd4d769c97dc77479b12189c92bdf4d8cbc5f41a7eb328bde3b6aeb2685b8df8222a105d0b4a80e94c435ea4393306d3b7c7b241f4d1b5ef2408388c4b9097a461b6fb3ba4236243702e005bab9b1568921b96549a00d85c45a779fea7a075fbfdfecafc6e5ab2f149c364213af06f8e8acdcd25b496f014451d1061a866d869c1473d6877c5b32db441ac2d324c2029371c7aa79c4cc7dcf5176d189cbf66fdc4ac0dcda7e73960421c81964c4a93494c941831403eca874cfec80065b05e5a05f0da95f205074097eca337358349dbe8b06858de2275911200fca76b96220fc3d31c8fb1607542f96373a57a3339cf9a79a3b9f9eb97c1723cd4564b3b5cd688b00b8bf2cdb0e7f5f6f8eed08c88108181f4bc8968ecd3a596896301a470ca36ebc98ad3da978a6c4a58a39318879bf401204b8ecd87c60ad59dd0482303316093447de317ae1edeb5ad169fb7ec32171c09b8029e75eef560abc6092e70be83f90c5a648bd6323ae904404d5869b9e7a46d041b6af89d33f979daacafa71317a9fd9e27cd6f371ac3c2cb7edd78e74724fb9799de5f1328c426e492a6ad4be5603b54c77eebe0e9d7e0e1db5074bcc916e0a0ca7a17c322f0f83377875c48f478a19ee0bcac1522a16d9b58809552483ed7c63246f8d3c693d0386c77048c52200a1c477495eb24dbd4211ca4a517a505bd37607b0e097cc0715a17db1162408f55710b3378af06686e49c12266fe93425c0bbaea65b145b3e9f8bb7af7105560fe9bd5251129e772b98e472d302adcc2e8edfd25ca8d0eb8e9ab64157c590340dad6b27ead48223892070f6e244e40d56676996325803bda910466c4b9ca808db9a19579e611010dfd3e83fd063c8477148b0d8d49bae9e89c6d9bda508be3f801794e9b5445e1929eb20eb2825edac9ebf26fdcbd934052500d5b1582da9d4260a0bafb21d0422920d180a70e40677bb5d654a0da308862d68881504c72ba94124ffa7d6b618687113324e616e716c29e5535d1d0f2333303160230ea579985a74f8ce574ac1573c002858ca03ba9cdc8a7680e508b0292f471e082a169c4b3d2651f9adb5026fe56bda5ab245ef658c096afd5bac5adcf68d4fa207d6bef6ed74e11c12bfc9de9ea1e7b0455e0c1beb8dcbe4bb62429e41924256a3df3fdf8529a4d7267c3f1815e64de9ee416d3a6fad3c149402085f68ede436b44acfe4b6158434a4a1b7633c86291eed53b4b744a420a824d8ba78a71ffe3f3c73d284e02e765a417b504428c30852375448d04438f46d6615f1a7e63e6d611e3e3f21f47ce091dfb9b49ee69efc4474899f6a7fb623e30ea1731eeef29fff166913974d519612bd3151a8ca223e0eb0a341627982db9f31a9f5b0061bde2cbf92d901361c522a409ebb6f6fe81f47a17317b941d402eecf99c713b5853a933d8859ce522902553ee3962e373cfc1553e6a80a5539ddf365dfe401f32ce4501f319d697f7a1525cebdd671b6ac0558f72c5aac7350a950a95f1906d2256957f91a801ccdaff505336db00fe0535c8ca82e3f9bb30b3155b7ce38362db753fef0025a6291805063af84788f4405000a96ad8ef5a571b43a9fb90ce5f2b83dc88ff2a9b491020671bab35fd6119b82c131da300113bff0c2f32256dededf045027d798567dbf50ef41f8497ac867254fa5f24b85895e1322f9e3676daf2cfb37e11c827af4890dc2441eb242e2c7226062eeb094dffe3a6abe5bcfeb6fa3efd3076ee2c17a0e7c90e38fc32f9b36f70652ad4f77c05d0a2df38493d060359967654b574db34d83c50bc3bc5910cd8fbb773400151bb77300084779c386bf5200dc7f9fe93f44e1a4b98e485525256b45be809dc74ec2c72224e1f106a316cf13fe70b4b5117c2f009b7aa645170a7e336bb3b76c973420da1df396df46fe6b86a344696cb204f4df0aca2e2da208020644ef67d67bfc8dbc100a616f0c83a707d155a46c7a969dd6ea6997ab97ea6883269c0e85326ce6b1e40d51916853e226a071b9c53ab887173f323a6cc51cc8e291950207f3a9c3f4f14a57a268ac9de99a75e701ab1d92b7d4b156a3e3d84be89b95d3d72f2531329b0e876952d1065ee4456390c356488be60eafe8ae68061737504f270a7e7be2b6d527b95e0898054481df33e4a0fee9d7b8138a6f5c8a0df104b5d6f3d73082667ed29b5ba0cc96249acb4d66a1da303159e043e5b4be02b41de2097c1ad4135ebf3e5e70f3422ae88791d3d3a0fd17c0d05150eeb26e7097162a0699245aee9a628e5bca519dabcbc572098599896fcda411ce1c4313cf7d4b4ebea690086abeeedc114a86582137d248e75091125c69e67c180b11dcae343bf227cd23f73735f37069d1014261adb6a8cc3527622a1f940d31f4c4e09a54d00d7cc06c0e4ed577785824191bb8f4fbf79388541d738969c99bb768b73487197b9c836f482270e1a7595c21a0dbdb354a64d925a6ebf5fae49904e5a2483924468740b4294bae3ced8ec7b2b82deecfb6bcd65b5dbddb004ff01073584e078007688207c3f8cd3f15c2b76a946b2a737fba5001a9849128c1c5627e112f74d53fab4ba11c889c01354fe7c597c57196ef5c17e8abb7a311ded98567f9a4c8280f5230ddcef09c64b0b1968829c3cbee53ed541cf956b256cb9f294a0d14efcbda9dc0f8a991a73767a88d6e43e04f0d347e038834c1e8f743f146b5dc06b1d59997ba17c3474e6aed1f3eda35db1ef8f11393ec2492a1dc4887745f44ae15651330006601801db6734430505b83debe4ccf81c53b190903952a60361f50985cc2739016002d7dead8d62f5e70988a3b85f6331136328c088d3f33c4b4c767e9ca8cd1bfd78af9478c4cfce71c42b9f2f9813fd7db687dd8a9a2ab809559c2e0c7aa66aa504f0822a2a8acbe5ce2b3ee81b27614cfa8aa13d3099af3432000fe5a9edf913434832882249668cd0574e865f301842cf2873bf9d3b7edeccf25b0cde9da93cb628cdacb2ce21d7d3e26975bf4033fc796a8bfef200e20861ad871b547c4949f5fc594e2174fe5e031afab19414f9b38eaeb978b5d6d4b61080e2116a098d7ab83712745b4f498d0b49e53b97d38a73f84279fcbdbc19d4acce148ff8a47eedabef5203802d9120b0073976ea8d999c5cf343f848f87442fd8df2d7ce35f8a2fea07e524efa0b8675732e1442304a2627a03ea02e3e80bfca4c48c53431a2a487c260c725e407636528e00b5ffb443d9f72ef6898111ed816122b77fc9ed4e16b0dff630ddcbb7399a45ca845ffe742dd9b8c1ce5a1163e2e40c3f7b1511ce47308a416d3f3b3bcf1e654b6323c4767d2a2f67c1870a48a10629cb6fb6b72adfcb3f64cab186701bcb9edc7da44528419662dccaeba03a6b74ce3dffedfbd72884d5ce82968aa29bb09e482c15596e193088875a448551155506ef5654e25c13c4ec20d76322f500e29efd8d3e89449f4ea55000cb2cee3da8dc9da5ea4af797dbe8d8415253fb6106bb4526539731358d15c0bf515ce626eadc4e252fa1832b7d06abe801fddb346ee603ab707b944c18e15bd66b958ccf293cdc78fe4ac7e9b0d4f10941be2de71b9dc59fe73f3ebcea587e83e6ad85244bc79140b655b5c3f7bd923ab9e17d61602f6f86f18f28672fc475109103eb17d1e7183e14760e919bc48197fdb881fc7d1f8225ae2657f0d3390780a103e00327082fc834e39c016671bbb4be7e168b5b09234c9f9e82835da3e91766322bc9debc6676d45e957749c9158577aa0d1d2f535fe075f2bb7fd2a8b8d81d89cdc29cbee8e70ba68da2ac591abbf0bd52668a4d7cd257d90f5e9b00d5f49f510fc436936cd757c244a72c19708ce2e89a2c64302881a92a129e408bc7f85f82ea063988709ceaf836910b11f7d80f473d27d695e58f74cada6e070481f9455d6ed342900ca434581727cd302700caf476316d7ce649a1957a4c014090dcdaef08eac8549d4fe7c609fdb20a80716cf8a89597e3263a2a502b74f8273221c1fe0146308dac42d67baf126f04e964c1597b325ac33b3b42c6e878a585c7758ff9b526c0f962d53fd86ec426dfab65d1173a428137be2f8c78bd93206cfb4cd6ac0f87ae1278ed29eda5436343e4b6d32d7bb61f9940c675587c6f301b977f96db8cf1295ede65024449fbfa2405e8035948ec27e8120cab8223b7d2141a91b6395e689045ad239982b8da8e0fcb978b0f6cdb530311111c8013eb1a08e46c2d1d541efa9230068d804297641f1e5e72f21eaa9481b495e649017719927c4c6d605c922eb5ec3a71c0de9f5a27ebf52c4a6e4172301d3b3d78f765cd1d40f23db9321f1e0b22d094a93d4634e981f330c6400f961d7af0e7190b870372c9e1de532f9361d61855ebad7b988b940f441fad22703c44392cbe7ac7c7f3baeb44fa4e28947f373c29761ab0995da68f0923add0c0c486994a047e95591c95539213664b860a22887485323cb550b2a7b52e540d6fb71da96a7c5244d507d85485cabe455dad37c7553c83fa0833c1b3853828c7fa00ab847c8b5a351d2501b4b6ebe35c7fe457b046e047839a398dc8d91fdcb4b961b3824cc22c06068e771721c9b6c93b97c989e56fb1f76db43f8e5c063a3a73724a82b60948f025301ce72bd840c4ab597d68b03c73fbadc0244e6cf9bfc6d6df9b984413812f7990302c7b463c0e94d4ef07650d8220237f4d9a23ead7e5965f369ccbfab7378dd1fce1e1762acc899806aa65e92dba06a90b5ad9290b7af62947658d20b60b82ad0d9d54a17e80650038e86d74d59285082acba649608f86016580edbef056c1d9ee7359f82c98a92551d671101e7c47639d16c09acbfbd369306ca2c4a0b734ec82d479a33f9a4ded53508fe62b64b3e9e13d15df35f09010d8731a2c24fcaf8dfb37438eed5f98f37380b454fa1e6becd07785ce1635ddb7a2873ccfadeab40734daaf751f6462dbdaa0bc2a776f694a632dfa4f357ce8c4d8800f4ddc2137794baf2537832b53c240af84fa5334fa494604ea85212cfc836b8a1442602bcdb1eac5f4965828572c8ccf21c6cc5bad795bc7b77aa3176197e5f023f5217d3a2c63a9c7413ee6d0388f4d1a5c4d4eab9ce04b64d394c5611b4c9c80beea94c3992547b83985ada9bc0571e75dff5565ba9902b99f0fb002a52d7425e67c3b5fa2492d096f7b8f9d8134362586fc369bab6be1b410483c3ec6a042bd9a1ba58fca3d8ee"}], 0x1208}}, {{&(0x7f0000006ac0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x80, &(0x7f0000007dc0)=[{&(0x7f0000006b40)="01efaade3686ec5363763f7da6fd74d01f924dcbe5a461d046ae15fbe141f8ccd9532ea432b0140628aec19ac300030270c6f0c633b66aee9f8f3827f1b7075351d1e7f4c77419ee8e8a884832a109c3dcc8337e454f93cd0d74e0f8d3c0f46cd3adf2f6069fc0df", 0x68}, {&(0x7f0000006bc0)="1a1114433b27a5bd60a655b8ac3e5d15b018a1abed9814ddcc2da14908d817e43eeaf3b21db6fd5fc9f2179bacfaff17ba2592abb3556634c728ec8740c23a598301eee840cd8f4aa9864f7d7824177f05c8d45445995687d68f595e70448f5ada494e1bc9271a8069fbaad3c6d17d15511dec41e0030dcce7a08888d4d57deecc1c43561062beb44125e8b1506b7f09eb078a52f0eb6fe6bc2f64066407862a74ab00f7a8404e48d32eb933a7b8fa7e37debc5583ab0e98b9e9848c966fc978a08e375e60ddda3af21b6c818110d56e7ed05706ce2fbbd16314fce4b188d289dd06c7ed0f51b38732326688eb4c82e9924a40283a659e18fe7725030705fc4ad9880af900b1234fd9b5d4a7383cb1703bf58b3db708228368a019a263a48f535cddd54bb6b03f8ad460d4d429adcc6eb3cb387bb21294bf724187d18dff7332cdf74a9da402fa9a836cbd4cd6e9144d284c38a68984f4920685a5fcddc28999057891a04662051c42ae2515d9e8efc0d0f3c7ae1d087a31540bc1e46f3ae46c8254a6e11385c8e2b6a06e8c3f210ec944ded00d1e1b5168017bb73d2dd303d9e386c8e17065ca653c17d8f431fdf8812a9efdd73906a712fecd524c033db0b27710f100b8db1bd101739f42a7d8734c3b8cf83c8a397f9592efbe456fd34b7a635968706a5433c06590a3b953f3f62d8645272feffefc92beb91eb9eb618bff9090bf1047ccb369fda2d8f549b61bf82b1a80d7d354dfc88189cadbcfe7fd4b343bf98eae7df8e8b71f0b0741f3ddb74514e4299c87973452487ac263b33615a054d5fb587a461205c2d454df02e06c058decb67052f5f0a0232c9d1be3c62e5e3d9073ce2f4155385b3e523a3ad839b1a6237e395b40d24ae4f82deef1cd2eaac3a6e5641b6743246ba76edf6f529f9215005a3679b98f0aa328af4e797b92cb33c711dbae66fbef50f82f61455309a2b7da0e7bc7eda1f495754838c057d2ca78b9c6ff5486110da8a0191d815201d06451d103c5a7027289fc741824c640697fe2089f49edc0ba7ba10eb0efdd3782edac595bda3aefefc99607c1da1d6bd8873dd06f3d46cfc078ecc571e6dfc3de4de642bc55646c52812e6f65122ebb866379e1b4ad8fd2e3ee0b4beba5557c1b8b41c7bd694f5cfcb304bc90147cbabd0c01f37b500fc966b8d1650fe59dc85fe07d0f61f692448a2ac5db5adc4cb9f41087ed6894a1cfa675ca65d9cc540224ea7b477bf0b3aaf652fea1f6ca8e341787f1d92e79e514331eb821dabb5f80f9e23f58f7f8dbda84ab3d346d52a11f97dcb2a55d30133dfbc8effe9863c7a4df03da5195d0406d80944dd6f2ebde58813358217080e32f5019ab4f31288028c69226d7cf7a85db1dcf8d105402edd55677456456cca85ea3e0163c9527ee0b1f3a8d0124f0b1ef3b71b8cfe2b3c8c1bd4bcf1dbf263f7607c7bdc805b95b4709d55f76d61750449c13c4f003229956d3cf4d9e1dd72765e0f2c3d547d95f6a487e9f041a334322c2a1337b1f371fb9d684fcac1bf029b4ec9f6d57af874103ffe53cf0f277e3ce828571bdc79ae52e591ef1c4dc146090e663200e9275d478d475e75a41475c235970509a4cd718883e1d7829c574d86ac9015a3f94d381d349fcb18e61c5ad385dade11bd510d000d5cede97d23d0ae09c58001c374ebfa7ad839323f85321b46127650be25f9225e17077a880d72679c9bfe78711ca2590fea5b1927cb0532e1348479940ff562bec6c778af236bda946c43d6c80a6a27fea57d17bde105bb201cc9065b611bab93fe64b69af8beca04034a11a1435bd6b7898594ae4acc8330c7c10f6895d8b26c0c39c5ecb5d285ded3d2ce271562369bb25a15164c5d999efdc66dbfa0e1ac8e92b873e4d08f4fd9d63b0e36afc6ea2a682de588656e0187e82a72e32cdf2198a3db6ab2e3847a4466f4be3a3a65ec37b3f61ad1a4181b31115d38521c0315bdc4e569c08d01a401164bc3b40a253331480e4369214d0d41ecdbeeb54118d3fe04af02cdf718f14f02e13f00172d930e152de408d6581950a61345bf98407b3b73570fbb79922c7292c8c3fd83662b6105db8f39834821ccbc761dd519fff3c18ef7fe00b62c5864ccc6a2154a07f500e2bc46f83cd10425583f8abbf21c6395b9cfd2eacf14e567bf1cb29c87db599bd1937e139f0f86d358d0b9305f28d3f9ed1bacacbc8db184db7cc411f0a8551b8e79b6bd95038452d7a4d80e55e2c7ae0008af71d0c247d7a0519fc03e81a3903762dac2ffef7306e5632929733bd2ced769f9d7fc5cce7e03c4bace78d15fcefe9b48cc27e7de3b70b604f063cfd3293c9dd7f8441a761a5d5eb1a5e802a79d97b5270cf4bf2dce245dfdb72605b29b8102c0026bcc9bc748b256e7295148d251c3be2a4c23f119a62ebdb8be6a1324fd216bb54eef568f92a70c6d0cefcdc289f8fb24314bd7b3879c7d916f0bea0d389867d67709f4b1d2507f6b1d3734838ca7ee0a5b89a22342ee83f3225a0551eecc397ad8eadac9b56a030f97ec974bdefbff582cda6af7ee0fdad885ba2970a34c1b8b95f69c12c1c141c5e2b838ce45063377b1ff6ef6194500c41753571bd30728da296fa7f096be7cd2787de16d2b27c680879bf26490b6acf0dbda259204edfdc371b9f37640f7146c7549e36c446c1834947f9d964f033d40973b4d5c08c487feaebdc6b20e4eed1a52aa6b857341b41455edb963e0cb1e529794914a561b99f79c448903f922849d8e00202ac9669b25606d5483f1bb9573b64af9fcbdcc86a1beb668681e6468f81e9aa1c71b07f31fcd5a1077dccaf91870229d92a7f3b97825d54cfdff4b5077b6a24d320b8bf19923845bd19dc105b073f13539329f75d5135cd8b51481fe9b20b5582a7fd2c51fc2f23b80ecfb19ab4013281a92eea778ea495cfdc0a20d6e3ea11b3f4c2285aec3b7c35898dfa66bc5e679c7c63306e9940a542bbcbb6a5adc1c5439d82a0f55bb3d950030217a6efeec139b3cfe1285a56cf3a181534334cc3565f72573019cd3088d4c570a3773955933c077f118c4b255f4790303252de8ec46cbd5bf822cf23300ae66e65d330d2a487b9e22c394e69db559b5708b4ce43b24c8bd20de99e71f4b7e67224c07c950cf0784b34e87823eeb5848bc7a1e550619f897f698be899cf1e92e1354ccb7f1b3de64f2f0472a33747dc68e70e11b27b03547cf00be375393614bfd02767d794dde34cb9e5d55cf5b9493f4a83f11ccd396fce0b9b20914767ed3c23aad0533ea455beb8813ff2971ce27e968268b1dd5b2039e02d8b4c20cd49a3e437c7a28be53c7a4090ca8c869a5a9083ac3930a7a066fa44d6273463d971a30ae9ca4e16e43061194d83096074a7a3321025b8627e2973c463f600064d1b16c2bd8eef5b61943410e97936f2b4f1d98c02a2bde2788d6bb68cab4214c1dce13d73c71400829d2fe89ab9caa23975cd3b8c5b0ee87639354b34b20d90256106261671719dd29b6baf45043da959c758b9ec151bccd13639cf7d2f71fc52a5b75fd1159926212cd2fe5376c504ef0280b3db7672387372019174624d3975538e4e10875ac721640e1c69cf2b0578c83d08a8086ad940744cff10ecaaa435d5039785e8a1bc9815373827878618c84e33cba5947a70b054d5efb457e0f915e9920f1e84928a08da5bd0638ae01b00c2feab60a1eb76ab9dfb94d3c81049a0766bec8bec4d833ac95d58950bf5bfb422908dbdf520d0bde15db2157ca7c16e44593de712573a0cad13ea53088cd0e2583beca6a7a0a25023bd8efd25f56b7b42ec3f496009595edbbdda4fcd5184cf8c9386ea348d589e043d25444e921ba53b8c742b7a1c489c461a5ea58b8148a93a953972dac8d00f2acb847c758d126ec96bcff242a958d45048c61ba28fb98d82d7093e60d906e37c24f4ce77a6cfea5e6754e3ad1bf9f1559e3adfde3ea3d5cc5c421c543aa652f472f7badac3e3ecebedfd853e155a528ca8357733db6029c09da47cd6494145177ec221c056a4aaa983809724b0b856ff83d961588e28d67ed0a121d10095de85ca66b3d9c3162fbf9226133736c959f857e1692fbec992dfc0efdea7b986f309d5f97827525dacf0453b5d1033c4267c9adff20814c4a3eddbdba698f0b25a458e41769f285a19863d72b3493385decb634d5889ac8fc60cc599797907aabf591f930284302bf673977c51384a7188ff1e8aa84dae06c2496e9d99e4dd9b71100b7d55a691cf63bffd52c862352965433ab5feb367410447566d71b02421e53f07d4725db750956ec04ad153615ca31365bfad9819e045b899f4aff296923327a1d2eded6e6404dcf373b48df10c42bda3b7fcf8831caa45a4da12a10ae7918c5c2564e9302d05e0206eb916fc6a6d1815d238e7c546a72b5c5ff6095d242a5891f83caf92047b65cce1297b9821faeda13436dfdf3cdf6cc83a2e7d11773da6f867ce14d4f39e967646d77f63529b2a42fc80ff3f1aabe0bcead0d881e419fb6b4f36d20229ad36fcf95f3823f88db616f1cb56bb291c17319d149fbfde23da5f371669d34c0532f85085c6fc42741db1b59ff743e44d8700547171090853e6b234074f0f1d4b1b8755b0f01ee94885fb5e85e17673289eaca3fa6804864c22d137daf31ee284f0879fce7b0983fca21957a1c4e286dd28f5aa7f5eabff61e138a90d40b4bf1bd22cc56fcb3b33d84d85465d6f35179f9a16654d7c5e01370d42202d890af2e61514961dbcf9de38d95378c8f4a2bdb0ddea5fce931de0e7910de449dfb7b0a50f7f400c12034e7ac89370d67a5368d1d7a7e9356322ea156ce45c0ff9c2cc27cd6a4e7844d86404e5dc709ba974fdb33b3af31c20c1a96a1aed64bcd7a3eac42f60540f8190d8e49dd4cda7c5fbd8a87dd71dcb5fcd027e581dcaca8f6deae9ae3d44d54a6819d77abbc866d432662bc621d7f83f4df04b49162addf154f0d593c35e65a5362f84eec5a43c1b13b30a26f62deea0a3792fd6c671feae3b8ff965115fec2deee351b0702ac18682e5ef4a8a0119d626c9dc1c361bdbd1efd9fa74a446e3c9d034ff7f6be0f7bb4676088a70c5a94d67ad43e3cbdbedef3e98d79ceddec783a5c44571c340d394cb0f3a3c82864742dddf1d3faec6d67f45382c7028bbb22ff0c0f34c50bb7c62bffc683f032f33a3a436761b9b805e44de5844c44a5b77277064a8b924e15493166d11cca77def832b69f1600b4059cbd67aded3aaf409198b2ec280ec264b821e4b15218e575e6da5bb307595107d3aca763d745f00996381c7ef1f8c53a9aacc4c57b1e96cc2e6c2a5c0cfe18add3bc7d1fca20cf8575c91e91a8e4596291c0c00d1927e9336e6894f2af03dfb773e45c1e9072056651199303045c892c8b9d758a72b0226ffab0c11bdb0e7869394d28817e89b0fc816189ae68ed1d5131fb63d60fac916b8ecd2241ab2b3733006d892928fdf20b6c737b0333e4251bd64626637833fe747cc09f2e717a99d34f2774f00c2dc510251c5d98137964f8ab9062260211aa71a5e2f51a22bf65efb3122dbcf950473fb6fd67d84fc62f9ef935c7df25a2a98d8d628a772ead9516a5f85fc822663c439e961644244d9d335fc898658c932788826f972bfcf6435050232c35a95629a6961bc1f84c4e66b8bd0a29b4ee55e9463bc4e9734d47c9b4d6c76f419c10062b09a4bc68b9c3f7d3352397a0d369529191805fc0308f2026ecd07d02f32e68e15c7be6ded", 0x1000}, {&(0x7f0000007bc0)="c17217ed3fc125ebb6331317894d0f932135a4c107e46fd77067c5e38b79784e5ac6fafe4e38bf934e150664e3fcb8aec768108bd023592ebbef1c5712df56ef8f44bae3b989bdcdc15a416687f9af41fff9f45ccc49e32c1535af5aa357426a24b7d766998ac3f527281aa2f6b85372217a9200970568fe70ea922fd00d0ced1942a82b653f5aadc0621d19614fd74fe82e2b331adf38f21b7d9a6d19352bade5356fbf3905acaa0716c87fa3f00ab0537a35b6f68085e5a878e7edbf108ae198c5ff9a025ec5953e0e98323a204544b06a29e65f9941d5bcd421f65058b5d12f64d987c0", 0xe5}, {&(0x7f0000007cc0)="e5dc033c2796dd994909cc184eb72b9f42a446c77cf02e3d848c181df2bd8944fbba82efe382103a1f8be954629ec1be4f37fb023715a1b93dee81fb73f15131be320d85b26d03568a2198f6a15b3016efe0fe21f22993e2cbd368e11d4fb78f15453e46474fdbce2dd505a3ead9df22de5b8b71ab4f8b77fad7519b87ce6fe2d821466d0a8addd5fef73fee4f34998b0b3fc20131c78e6691d7b7f3fb601b21ea430face283813df4f2d43abb455f1175f7125057a3a094b34b9563b759c77fbe25708184c2d35f9f5d846f821556affbcdf04ab63a409569599c95d81127a043d8c98918b56e8512bba0ce2f06d1c0", 0xf0}], 0x4, &(0x7f0000007e00)=[{0x50, 0x117, 0x3, "893119ace47b93e12aaa1f30b4605cad238678d947404680006a1296d39025e18130b4c63c170697e1253440b65072b35458f3a6b7da07b4c9ee9b0bc127373a"}, {0x10, 0x119, 0x1}, {0xe0, 0x10e, 0x5, "09f99821f2ea36a8c39ca52d36844a2ff5dd0129e42b01afd2a4981304ddcc56d3b32c4604359d4045c244650fc59655f27214bfbbe3adad9e985880f7a6e04a9d05d2e683d9379cf8f68e270ec7e8a012a3a6fdea7655cea1638817548fd710069a218c38731081afd58dc37813216cb65e994a07e4a08da7a861ac9a86ddb46e7f13d9c72cf81677c41df9450b7dd7156fe60309ac610ffb5a349a400f978ad5089a9725a388c8bae6050e8ab49222222dec6b05ec0363034001fb797c4d97475294c90dd78f549f749a"}], 0x140}}, {{0x0, 0x0, &(0x7f00000081c0)=[{&(0x7f0000007f40)="c6e4378bb0bd8ccb8987a56766d92cad29d71722c2bef93f5153d178ea96013ee91427f90d9e0534a886d07b96eef99c9420888b84e053003ba35cfc6339decf45202ffe8b344075dbea5d59d6c6ef75bd59f25822b08ec7f096559d48d887d9c396ae563f5528299925e226ce15ce51f4aa2a6174219c2e990b49d12964125822b840eada635834ef97e95825b7c99f3396cf91cc4129378381d7cee4a41c4f4de1", 0xa2}, {&(0x7f0000008000)}, {&(0x7f0000008040)="53c067a39bf17cf82809e9d57fdf77df4330301b7d5ffefbdb8a9eb69c2bef5665135293d116bc9a17a1ae916f3e39c7ef5594b662fada9982ea1e1862987b9cf5a14b6e9c2a8a357385900c9a9f4ef967f85bc3f83a7208c9d7579d6c77edd90ff6afb709c95a80ec7c1f77201a1629606198cc07a9b1f637418d86a8d579990e815aa238efaa", 0x87}, {&(0x7f0000008100)="b1422ee5abed50e810029543d37530764b32abb595b45ce9", 0x18}, {&(0x7f0000008140)="3d811f15c52199102107d19abd6b8d0d9c02077c543a188d6267de3aa3ebae91ee9061e1775f9cf24b174f61d4e6154b48b39d80cb5edc509bd57fc9577e9dd3f46d0bf044aa2a218227f5da1cce6da254aca6a15c7afb927b14cecf9785b59b3a78d07b94e6a60547e6a8ccb8cf2d3af1e3ef0c", 0x74}], 0x5, &(0x7f0000008240)=[{0x1010, 0x111, 0x17fa, "0e78ed3924e5e48d211a7b72286041158b24e73ee09d5006aa238d730175bb0e239129e447512ab91a5e8f09e0e8cfbd8c75ac2847f75b1393e2a0ada9f21ba29e839583eeb1f7083cba34e1dfc967ef86ccd93016705dfba2a863927eb991cf67300e708f5f9f1d0c0e355b12d87ac61e9d4592e8ecef4c628c502d8a2609f98323c2ff550a4ebd43956f04df47044c51d2569dec90583f25d1663a4a2cde9377fdd686a2b9320b1bd545932d7a7609716d3bf87fbfd632507d0445e547bd0956e2bda49b10222653e2d7b1c4b32c2042355e62f802df3775a43491ca690093b59cab214304652534ce8d23143b662aeb26fc2d7180ceafde9d420842d899374939ee1f5a171b8194513b0e201fbc0dade8db466e137dcee547d145115cf711a657651075631e27d48ec8aac24f562c762a320e6c9b11925cb54f0c0109f2b8930b5423078a288b2f10419fa9857dba583baf85da54c4499b0dd1f17cf66b1580f60a13f705c6f2b104a33e2c01a4afe8c9c98a0d8401ea8ba938bf90855d0ad3b83d938c4fe54b0f5bc7c33553fd6097f09aafd96401fe744d5ec984cbc423c472ec6dc64df1f10b2c7b1831826e6b191fd25020b13b8cae53c5f0208892274ba052e6e6d0a8e734e6c0d8ba15be093b02985259f7fae908c81f58d1d9794db95357663392c04bc58241379846be3aab42ff13007ea750d3c5bd1e84f5b3c6c7dd71137dd254b4c52ae6f5a5c2a3f7139ad4c39f246f9a1f6746a91a11636738ce6a023b48304b3c889b7eebb2b9720c39d379df45faa4dc70c9407b3ee33dd37b7119b73953e1bf96a633fb0ef1b6861737d2333f4e50622bd93ea377488b324575d46abfe1e663177ffa52bd0bf6396734eab0480b71153f77a4b3e710c74011ae11db373d1b481bb219a85f43ea7f7fe0858be763782eaf0870b651f59ce42d748960d06d3db9a92e3e93ebbb4aef9da202de2448949a6fbefad2c251d59c288f61b0c0ce479ae4aed8c89a4eb0c590333bd3d51c0a7384134bfec40e412cfd02ed5da8b53d7f77ccff9fd525ca1f0ff043f68cd2e51d2cbd8b6377d9353882c9a1cc328ac2261858ea98fafe243302d5f1d25404a532ca70cb3d63cbfadad03e70d4c14ac27df6190a5c4731a59c973063051b80a5ef701a65e7eb466e0fb85a177d446a2e736a93dd7be168ce63cfa9e39985e8327f029fe80c94453af0743792ea4fc1e2a19e3af95e6084f5730e8ce3e7e78dc72d345c915649ceb24e9f78aa4dcf6fe0ffddea3af30a1487f173201aacecca9ad09827b4229a18d6f5d3a3e810b37393896f4eb2f6330c4dd794b24edd2519084b8b9aaa34fe003b41fab19a08a416fa993daeebfb7671399e65b29de6b1aa5af1d3a43f5d26a421690323bf8bb8212b653b48499efb24a632c6addb525ea6298bdd4150ca64f9ea3c0b7db790e87ede119844ee0dd1e2f3550ad2e95307be3816eb0979732a2249c486e9bcc17b3b398bf3a22ae0fb6c07fc72239767ceab528a9d4feae3d594eaf9f4fd64f5c667452830a7b2aca626f1b00ecb5a9525953ef4308918d32ea830acd5e327b5ee3aae5c66f845abaf8c58d4c538d6b659e9e14ae847550ac1c7bdc3de11c82c1832c94fc8b348430fbbdbeb221957f048734c51c91e6578d748e802638dd753ffce8a3177cc22c213519eed2da6d7275e04d6be62aef2293ebe3f934c681c0dbf0b7d20ca86ec6840f53aa376e461e213152c3911e262d30b3db24b4d778dd524ccf375a3ec4c9ea11124a14988afa7ee304fda6eacfe9a939709d3a6500dabbf9c60d2ba1bd53c86afe988df0e5bdbd97c184dd09216b05ea67f1ce56c82a9214f581dc4c3d113c2dbe8d9f7c1bd92dd85afbe9e3ea0eeef3d9905fe60803f1c0c2aca579cefc009a0b3fae937f4f0c8ab8471e5bc0a2a86dc5e7379b0988c1fe7bb574d1b2113d153dc3282c6b67bba936c78cd3236a877aa662912350d97011b66d863f2a49c3c676455f44117e3acbd223a692e9a348a7eca934539979c5b77e7b7e4a69947e1a6acb7ac46265d3c324d8cd060d9b7074e421225bf9026e940a574f95b0c52ae33324d203050049b8638b27d5bdc3636f243da1c21323152f4150a244bd66de7922f266b67237a9fbf9d8c9d570fe7b77806f7443298631a81babf2920a231a7e16f9e85f42d33c5c8e7eb6d6550d43dc2f0e3397916fff1d31556fbbc8e8d229845e5ce825334547b402cc10421f8b8e444ebfdb64d75b309ebea06e8dc9c13966f60b2d9b3dfe64698080ca76753baf3dcbf77a0c8dc6ea6bd1db6d3c9dc0d793169466303a04a58fda760c68e4c351b17621c3e8831b6f31f5f1af71332157fa6d94caa9ddc4354a604274ed67930276058535837dd4af2e653e11cda415b7b2fd95f9fcfbc31996b1740fc79c8ef1252819ad3fc1597eb8eb485160b88446022074bfb76e910ca8a8ebb4e66ce196cf7115fe85c683765d50165c69fecf111dd65f374117aa59f45de2889c4adb5cf9592b342bb234929f11459c01a23395566349e1c59f667f0401c6e1c4ae0f0e674bc06a202ec3e43e9b17159cd91c9786566c89b5c2a151e0d26385e8f9acbd5e3925c5c57770148f1e4190ea2c309dc858e73ad5e3ba603e45997048370341d6a15b0c085737b46195224e1e4ed03a37cbbced27ba25887f38eb0cd8428828c9616d5c80d24efa376c26b32da50271df50e24dad065b766b1bd9dbbe6026faf84a539cceabae96e1ffda0160fe01ae4214a904749ff88cf64cc10ec46611dbaefa989f82cefa4edf1b933620f4b1ccb45d447504fb6a903645ce6bcbe8333aa89353d5893780577a2ee805feaa2367dc1ec5376cc09265a9f3f3000fa296bbca5239f8b106cf18c562985c1d0a654618742d9da9ff85597b6c275327721717b688bf42e4242370d6439787b6ef814233494ec56a79e7276f5660d4e9004840d528288fbccaf1e2b2831720ecb772cfafc4efa80d7f6379ed48e3c28f55a3b10d4cac00c1078bd61c30d7a39362a51a3bbf00addf34b3b623286b775b521aff387b535e4d26d766eddef4a3e5aa7c1c872649928fc61a02fcf37c78d2b92346b09f2c5714f836ea250b8a67957fa99de0f367fedabd00081762ba5076ac9d4f6a499ea5823b8a646ec1aa0dac953db4f23350c8c987648a2945280c1ae4567332e6112cf8206aac8637e53f9eed402d983d6dfda34d6ccab7bc93d57d91bc996d614458b5317fb0cad815b0b4156a59a9505c36e4842065da39726ff8abfb8a6e22216d6f037e4e44b3cd880bbbb829483b4866a17530dc29b2088df4988640b35937d49bfde0348785a2cad3b8115627246f69975724e630a50bb36bc8046c28db091b6a3202029b32e4e564b2eafa14472e619037769fe7d3129c51a2610c560c2920dca318e2514a4e085067f99155a4f50920fe88c8395154edad8267ca45bcec1f0a0fda99213e8456950356fbaf97d9f23adf68752fce8bc29e98b1703f4bff70460271719d39b0d89f56d6c50b2726c66fb7c3f9ad49ce724024be07166f8fe19b1871abe6500855a12d5635c42523be335396c5c86003a3afc5e83867fbda2ca941e45eca81ce04c37f300ebe0665c8e8bdce65fd8be6ea26c5f1095431efdef5dec2ff816d7f9364aa68bfd7b2a72658c993a484031f89704ee660bc9c00c19e31dcbafb01c8073827f0626f8880a4952e538a387a85a27d7a73ebb8511d2060667fea48d8f128bdd10e2ce05678b31aff9b7d7eb2860c677bda9182c39a1295c3a84ce37f6ad98bd2e4a455a4d1839ab3da8838b21f370898a8cec97e24a1d412d14b4b507241951052178f3554e98e7d79c7e204f113bc48b454384b989af9c6b574a607721f3533b2fd3f3fe9cea509c89499f8b10c3aba461f405e8573fd471eb1d891fdb42ccc41452d5ff21fb7b52b7e9f52c8db0ed47416c4e08c48b66a4dcbd142c7a9134953c92bdfeab4e9a959fbb174e244a150beaa485cbbf7f463122d37a799837f547af33cb50ab9565a58fc44a9799a77cb1dab95f8efaf56c37629dc7942be76c06c8eae1a99b41f0b0c84678ed735a8e4b16dc3a3d145e604ef2e624e3b39c7d7d41d3c048801a480dc4a23cb48e9d4b95b6c4f01b3d7b6893dd0213c4a91c82f9512cccb3a3b87d69fc1feebfd5f621223a7fd8d796d818af8520deb8cf2ef19fedff338e7cc08f8f911e04703ee09a98c8af28850cf2b8080150ad6fa55d6a732d8ab66bd38c270669d57c8a3c3c1a64008f95860b671cdec19dee7f10174244babc44567a662860f48033d7f9b46948696f2196efc1f925e4cad23b96dee55c013aeaee2c7182eef6d9a5d155641d4c993152b4030b75b2ae735624d719b8815b9d17f231bafc86cbf66f629d9b83d6b8152cc9695d1d7f63f4c4d0f1ab7ddf0d1d0c9b71302fd893e89e01ce2845f08d47a88473305f359c71625939ab4d8f37f74296cb9f3a47aecba493851ffc8d1285f2be37dd067805db7935ead943d79332ef6381ca15a3db1d340c5bae0ae8051aedd9cd87d64819ac3b6e32577627483208e321e9bd50520dc839dfa6d5305a7211059482278d341eae17fc1bf07c66cd16b3b7bbeb70dfec790e351d1a138c5ac3579530c6abd4a1cb2a23fa6a64a95bdcaec0b7a4c5624cbfe1ef99a2cf31519f8e74bb933c14aa8857f14ab98ac15dc5702fd79996a4051ae3765a6a2ba086f4739ec9dcda395751c6c4a99f4c1f8c30ef9f53a7fffc4efe67e882be1a7661856e31062be8a355164ba5695f97298e144dc5e5afd46959205280def3be4c5c25d027d8d40b95a714189203bd82824b4653d30ec5fff1b4bf87a44eb63834bcc3021612d15c1a29443cca7a66abc1ddd59e539d83963c507312dc668b1e90f2c0e958ed017741a2b260f3c7b5d3d3e7c4881bbe379e8f929aafc8c1a38d04836f1c418138af3777f07cd65d2317031bbb911fdd8fec3070d23db448b1a74156e8542f204ec873f2b1222ab8176c40580d6710129ac3cbc260a120441ca5e382337386d8662ae540058f10e1388fce64df1b4f034b255b191bc6388be28139eae2d162e7df9ae65174c040e0ce97b656f1c800c5cf46afb6e28e03de0da0dcb5123c56bb32689deace0e7e2ac778d6bab800d459662068d62d0fff0eb2c8064a25040ebe0a949f3b94b730663bf5f9364a5242a9c6cbe53a796a7cb04f57b3d5ff4a5e49c0747248d997a05cd012d54baff5bc13989c538a8be2d74d511fc0eda73efb701de68a002064be5946993b9d8e311987c5945fdfa3808838b7421b7b6b37b87bf3d310f2ebd45a1651db84461a3bbc7bc8e77adb0b759bd2ea369cf6d9f36f265695c8a9a5bd17f81f45d930ba6a1e44c429e6a7fe0cd034a01c862e32daeee65ab370073193f8976b65d7ec65545d4329b937ae7ae535e5129301e069749e77917f44093017e22907494f509e9a8c4e57be875f5faade5bf45af179ad86f8c771a3e77be005886d43b6fbb863d2f3fa8094b55ccbbea820faf9ca76492cbc68967bcbf02d1e59b8997325cbba54dba755ae99ba1f0b119a92db7beeaae91b1f84ff2236013e131cfc6fe3e3c49f9d0648bdc370afc11a5e7746745bb9e0fbe8fb3bf269d5314b37e57aadd53b6d23aa448740ab52a143b11793f6616db509ee935b3c74f8368346ba3a8e61ce3f467e7ae587d0798f23114f85974849314e8dd8e310bf18d5f0027eac1471942c91f2bc92e53bbc8224a316af37991a"}, {0x18, 0x0, 0x3ff, "73034bb74d982685"}], 0x1028}}], 0x5, 0x10) signalfd4(r2, &(0x7f0000000000)={[0x5da9]}, 0x8, 0x80000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x67) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x300) 21:01:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x800) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:01:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x480) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x500) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x600) 21:01:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x700) 21:01:07 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x400000000000000, 0x0) 21:01:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x900) 21:01:07 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000001c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}, {&(0x7f0000000100)="e45f93d048a038a4cdbadb17cbb138828962f5c735b3ffe1be99928a3c65471d0149a51227392e2ce9ab5a2466d5bbebdba0e1afc95daa929830078df195e6b765aa3c3ad35e", 0x46}, {&(0x7f0000000000)="3cbb423b000e7a5fece03248326db6abaeea6534b604c5041c20bcd824", 0x1d}, {&(0x7f0000000180)="5ad06fe5a7917f2dece1d74e012c5b8d3a620964121f79d43ffe", 0x1a}], 0x7, 0x0) ptrace$setopts(0x4206, r0, 0xfffffffffffffffe, 0x0) tkill(r0, 0x15) ioctl$SNDCTL_DSP_GETCAPS(0xffffffffffffffff, 0x8004500f, &(0x7f00000000c0)) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xa00) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xb00) 21:01:08 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x100) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) 21:01:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xc00) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xd00) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xe00) 21:01:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0xf00) [ 2420.782275][T25535] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 21:01:10 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x600000000000000, 0x0) 21:01:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1100) 21:01:11 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e37177992f5440af06fa441ee", 0x41}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x100, 0x70bd2c, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000081) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1200) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1300) 21:01:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) r2 = socket(0x1, 0x1, 0x400) sendmsg$NL80211_CMD_GET_POWER_SAVE(r2, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x66}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x5}, 0x40c1) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000080)={0x1, [0x0]}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, r5}, 0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={r5, 0x4, 0x3f, 0x9, 0x20, 0x7f}, 0x14) ptrace$cont(0x18, r0, 0x0, 0x0) 21:01:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000040)="55530700ae897008001bc2d75f1ff2de503b0fb1f147a869c5dabcda25d868002700230090e05b879246d8872ae3e5070c1bff686e371779", 0x38}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3) 21:01:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='U', 0x1}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, &(0x7f0000000000)=0x4) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x3, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x200000004, 0x4) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1400) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1500) 21:01:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAME(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x19c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @mcast2}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @empty}}}}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_PUBL={0x4}, @TIPC_NLA_LINK={0x9c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}]}]}, 0x19c}}, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x4c, 0x0, 0x0, 0x0, 0x25dfdbfd, {}, [@GTPA_TID={0xc, 0x3, 0x2}, @GTPA_FLOW={0x6, 0x6, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x15}}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r1}]}, 0x4c}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x1600) 21:01:13 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000340)='US', 0x2}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x34) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0xc00000000000000, 0x0) [ 2426.235395][T25663] ================================================================== [ 2426.243624][T25663] BUG: KCSAN: data-race in prepare_signal / ptrace_attach [ 2426.250719][T25663] [ 2426.253021][T25663] write to 0xffff8880380e7030 of 4 bytes by task 25662 on cpu 0: [ 2426.260710][T25663] ptrace_attach+0x217/0x4b0 [ 2426.265282][T25663] __se_sys_ptrace+0xc1/0x2e0 [ 2426.269936][T25663] __x64_sys_ptrace+0x51/0x60 [ 2426.274594][T25663] do_syscall_64+0x39/0x80 [ 2426.278987][T25663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2426.284935][T25663] [ 2426.287253][T25663] read to 0xffff8880380e7030 of 4 bytes by task 25663 on cpu 1: [ 2426.294916][T25663] prepare_signal+0x769/0xd80 [ 2426.299580][T25663] __send_signal+0x64/0x780 [ 2426.304116][T25663] send_signal+0x39f/0x3d0 [ 2426.308541][T25663] do_send_sig_info+0x9b/0xe0 [ 2426.313194][T25663] __se_sys_tkill+0x12b/0x180 [ 2426.317863][T25663] __x64_sys_tkill+0x2d/0x40 [ 2426.322429][T25663] do_syscall_64+0x39/0x80 [ 2426.326888][T25663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2426.332871][T25663] [ 2426.335180][T25663] Reported by Kernel Concurrency Sanitizer on: [ 2426.341304][T25663] CPU: 1 PID: 25663 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0 [ 2426.349737][T25663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.359768][T25663] ================================================================== [ 2426.367814][T25663] Kernel panic - not syncing: panic_on_warn set ... [ 2426.374388][T25663] CPU: 1 PID: 25663 Comm: syz-executor.4 Not tainted 5.10.0-syzkaller #0 [ 2426.382781][T25663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2426.392830][T25663] Call Trace: [ 2426.396123][T25663] dump_stack+0x116/0x15d [ 2426.400454][T25663] panic+0x1e7/0x5fa [ 2426.404328][T25663] ? vprintk_emit+0x2e2/0x360 [ 2426.408989][T25663] kcsan_report+0x67b/0x680 [ 2426.413531][T25663] ? __perf_event_task_sched_in+0x565/0x590 [ 2426.419506][T25663] ? kcsan_setup_watchpoint+0x47b/0x4e0 [ 2426.425079][T25663] ? prepare_signal+0x769/0xd80 [ 2426.429921][T25663] ? __send_signal+0x64/0x780 [ 2426.434636][T25663] ? send_signal+0x39f/0x3d0 [ 2426.439213][T25663] ? do_send_sig_info+0x9b/0xe0 [ 2426.444079][T25663] ? __se_sys_tkill+0x12b/0x180 [ 2426.448944][T25663] ? __x64_sys_tkill+0x2d/0x40 [ 2426.453688][T25663] ? do_syscall_64+0x39/0x80 [ 2426.458256][T25663] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2426.464324][T25663] ? map_vdso_once+0x48/0x120 [ 2426.468989][T25663] ? aa_may_signal+0x3df/0x410 [ 2426.473742][T25663] kcsan_setup_watchpoint+0x47b/0x4e0 [ 2426.479096][T25663] prepare_signal+0x769/0xd80 [ 2426.483751][T25663] __send_signal+0x64/0x780 [ 2426.488254][T25663] send_signal+0x39f/0x3d0 [ 2426.492660][T25663] do_send_sig_info+0x9b/0xe0 [ 2426.497323][T25663] __se_sys_tkill+0x12b/0x180 [ 2426.501979][T25663] __x64_sys_tkill+0x2d/0x40 [ 2426.506560][T25663] do_syscall_64+0x39/0x80 [ 2426.510954][T25663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2426.516833][T25663] RIP: 0033:0x45e149 [ 2426.520704][T25663] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2426.540286][T25663] RSP: 002b:00007f6c05dbac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 2426.548676][T25663] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 000000000045e149 [ 2426.556623][T25663] RDX: 0000000000000000 RSI: 0000000000000034 RDI: 00000000000021b5 [ 2426.564581][T25663] RBP: 000000000119c060 R08: 0000000000000000 R09: 0000000000000000 [ 2426.572528][T25663] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119c034 [ 2426.580480][T25663] R13: 00007fffa659cb7f R14: 00007f6c05dbb9c0 R15: 000000000119c034 [ 2427.653689][T25663] Shutting down cpus with NMI [ 2427.659116][T25663] Kernel Offset: disabled [ 2427.663426][T25663] Rebooting in 86400 seconds..