00000000 ActivityState = 00000000 [ 993.955537] *** Host State *** [ 993.959028] RIP = 0xffffffff812047de RSP = 0xffff8881732a7390 [ 993.965065] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 993.972017] Interruptibility = 00000000 ActivityState = 00000000 [ 993.983177] *** Host State *** [ 993.991212] RIP = 0xffffffff812047de RSP = 0xffff88817e61f390 [ 993.991566] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 994.005187] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 994.018241] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 994.026045] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 994.038367] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 994.050429] CR0=0000000080050033 CR3=000000018089c000 CR4=00000000001426e0 [ 994.057104] CR0=0000000080050033 CR3=00000001bd8e9000 CR4=00000000001426e0 [ 994.068195] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 994.074907] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 994.088138] *** Control State *** [ 994.091651] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 994.108150] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 994.108157] EntryControls=0000d1ff ExitControls=002fefff [ 994.108170] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 994.116188] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 994.138215] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 994.145140] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 994.152755] *** Control State *** [ 994.156516] reason=80000021 qualification=0000000000000000 [ 994.160791] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 994.168718] IDTVectoring: info=00000000 errcode=00000000 [ 994.178279] TSC Offset = 0xfffffdea0925fb83 [ 994.183192] EPT pointer = 0x00000001a978501e [ 994.187761] EntryControls=0000d1ff ExitControls=002fefff [ 994.202326] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 994.218593] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 994.245602] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 994.276067] reason=80000021 qualification=0000000000000000 [ 994.290604] IDTVectoring: info=00000000 errcode=00000000 [ 994.304266] TSC Offset = 0xfffffde9e3d237e5 [ 994.309296] EPT pointer = 0x00000001b806101e 16:52:19 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:19 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f]}}, 0x1c) 16:52:19 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:19 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x57a, 0x3, 0x0, 0x8, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 994.976553] *** Guest State *** [ 994.985793] *** Guest State *** [ 994.989267] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 994.991468] IPVS: ftp: loaded support on port[0] = 21 [ 995.004431] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 995.013658] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 995.019633] IPVS: ftp: loaded support on port[0] = 21 [ 995.023692] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 995.038260] CR3 = 0x0000000000000000 [ 995.041990] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 995.047995] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 995.065644] CR3 = 0x0000000000000000 [ 995.076468] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 995.093890] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 995.104812] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 995.105465] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 995.124245] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 995.133579] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 995.134501] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 995.143334] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 995.161033] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000000000 [ 995.170443] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 995.179056] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 995.186930] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 995.195311] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 995.195770] GDTR: limit=0x00003000, base=0x0000000000003000 [ 995.211802] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 995.220544] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 995.229816] IDTR: limit=0x00000001, base=0x0000000000105000 [ 995.238166] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 995.238700] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 995.254482] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 995.254674] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 995.262867] GDTR: limit=0x00003000, base=0x0000000000003000 [ 995.269649] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 995.285417] Interruptibility = 00000000 ActivityState = 00000000 [ 995.291822] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 995.292260] *** Host State *** [ 995.303607] RIP = 0xffffffff812047de RSP = 0xffff8881732a7390 [ 995.309804] IDTR: limit=0x00000001, base=0x0000000000105000 [ 995.310281] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 995.324545] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 995.324695] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 995.340638] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 995.340967] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 995.353253] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 995.353481] CR0=0000000080050033 CR3=00000001c2077000 CR4=00000000001426e0 [ 995.360984] Interruptibility = 00000000 ActivityState = 00000000 [ 995.374421] *** Host State *** [ 995.377899] RIP = 0xffffffff812047de RSP = 0xffff8881804af390 [ 995.384237] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 995.385019] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 995.397658] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 995.397671] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 995.406031] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 995.411731] CR0=0000000080050033 CR3=00000001b3740000 CR4=00000000001426e0 [ 995.418335] *** Control State *** [ 995.424971] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 995.435245] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 995.435301] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 995.448350] *** Control State *** [ 995.448631] EntryControls=0000d1ff ExitControls=002fefff [ 995.452068] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 995.457436] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 995.464375] EntryControls=0000d1ff ExitControls=002fefff [ 995.476848] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 995.484073] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 995.484260] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 995.491042] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 995.497919] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 995.511380] reason=80000021 qualification=0000000000000000 [ 995.522588] IDTVectoring: info=00000000 errcode=00000000 [ 995.528322] reason=80000021 qualification=0000000000000000 [ 995.528806] TSC Offset = 0xfffffde918fbf7aa [ 995.540899] EPT pointer = 0x00000001bdd0801e [ 995.547138] IDTVectoring: info=00000000 errcode=00000000 [ 995.552912] TSC Offset = 0xfffffde9193593c0 [ 995.557654] EPT pointer = 0x00000001bf42201e [ 995.618344] *** Guest State *** [ 995.621707] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 995.640911] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 995.656016] CR3 = 0x0000000000000000 [ 995.660026] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 995.667024] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 995.673838] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 995.681140] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 995.689560] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 995.697567] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 995.697587] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 995.697621] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 995.697670] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 995.697684] GDTR: limit=0x00003000, base=0x0000000000003000 [ 995.718459] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 995.730194] IDTR: limit=0x00000001, base=0x0000000000105000 [ 995.746421] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 995.762454] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 995.762467] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 995.777248] Interruptibility = 00000000 ActivityState = 00000000 [ 995.783952] *** Host State *** [ 995.787353] RIP = 0xffffffff812047de RSP = 0xffff88817bc2f390 [ 995.793554] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 995.800095] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 995.800108] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 995.800122] CR0=0000000080050033 CR3=00000001b3740000 CR4=00000000001426f0 [ 995.800137] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 995.813945] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 995.827784] *** Control State *** [ 995.837148] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 995.837157] EntryControls=0000d1ff ExitControls=002fefff [ 995.837172] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 995.837182] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 995.837192] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 995.837214] reason=80000021 qualification=0000000000000000 [ 995.851828] IDTVectoring: info=00000000 errcode=00000000 [ 995.863419] TSC Offset = 0xfffffde9193593c0 [ 995.876175] EPT pointer = 0x00000001bf42201e 16:52:21 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}}, 0x1c) 16:52:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:21 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x0) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:21 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x0, 0x0, 0xdf92, 0x57a, 0x3, 0x0, 0x8, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 996.249114] IPVS: ftp: loaded support on port[0] = 21 16:52:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}}, 0x1c) [ 996.306033] IPVS: ftp: loaded support on port[0] = 21 [ 996.314254] *** Guest State *** [ 996.317572] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 996.342880] *** Guest State *** [ 996.373271] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 996.396588] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 996.408357] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 996.417292] CR3 = 0x0000000000000000 [ 996.436534] CR3 = 0x0000000000000000 [ 996.444476] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 996.453815] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 996.464044] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 996.480153] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:52:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}}, 0x1c) [ 996.491898] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 996.500261] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 996.520383] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 996.532071] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 996.544383] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 996.552969] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 996.561985] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 996.570489] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 996.579241] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 996.595999] ES: sel=0x0019, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 996.612865] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 996.630815] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:52:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}}, 0x1c) [ 996.642543] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 996.661890] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 996.673626] GDTR: limit=0x00003000, base=0x0000000000003000 [ 996.693986] GDTR: limit=0x00003000, base=0x0000000000003000 [ 996.703301] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 996.726488] IDTR: limit=0x00000001, base=0x0000000000105000 [ 996.736944] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 996.756026] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 996.766471] IDTR: limit=0x00000001, base=0x0000000000105000 [ 996.777992] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 996.788569] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 996.798585] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:52:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000]}}, 0x1c) [ 996.811877] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 996.820789] Interruptibility = 00000000 ActivityState = 00000000 [ 996.832949] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 996.841832] *** Host State *** [ 996.848408] RIP = 0xffffffff812047de RSP = 0xffff888181a8f390 [ 996.857859] Interruptibility = 00000000 ActivityState = 00000000 [ 996.866904] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 996.891293] *** Host State *** [ 996.918604] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 996.938214] RIP = 0xffffffff812047de RSP = 0xffff88818864f390 [ 996.948242] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 996.949275] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 996.978947] FSBase=00007fb75975d700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 997.000183] CR0=0000000080050033 CR3=00000001bccea000 CR4=00000000001426e0 [ 997.018355] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 997.024287] CR0=0000000080050033 CR3=00000001ae89c000 CR4=00000000001426f0 [ 997.024311] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 997.058274] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 997.064993] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 997.092468] *** Control State *** [ 997.099531] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 997.106503] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 997.118260] *** Control State *** [ 997.121766] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 997.148202] EntryControls=0000d1ff ExitControls=002fefff [ 997.153833] EntryControls=0000d1ff ExitControls=002fefff [ 997.167418] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 997.174616] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 997.195214] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 997.204400] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 997.211531] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 997.222836] reason=80000021 qualification=0000000000000000 [ 997.231511] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 997.236072] IDTVectoring: info=00000000 errcode=00000000 [ 997.256188] reason=80000021 qualification=0000000000000000 [ 997.258139] TSC Offset = 0xfffffde866797f4d [ 997.267475] EPT pointer = 0x00000001c61c801e [ 997.272318] IDTVectoring: info=00000000 errcode=00000000 [ 997.277802] TSC Offset = 0xfffffde8652b62c4 [ 997.284799] EPT pointer = 0x00000001bf42201e 16:52:23 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:23 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:23 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}}, 0x1c) 16:52:23 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0x0, 0x57a, 0x3, 0x0, 0x8, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 998.635884] IPVS: ftp: loaded support on port[0] = 21 16:52:23 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}}, 0x1c) [ 998.661870] *** Guest State *** [ 998.665167] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 998.720338] *** Guest State *** [ 998.723651] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 998.747364] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 998.749711] IPVS: ftp: loaded support on port[0] = 21 [ 998.788784] CR3 = 0x0000000000000000 [ 998.792563] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 998.792571] CR3 = 0x0000000000000000 [ 998.792582] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 998.792599] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 998.829375] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 998.850916] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 998.868285] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 998.876312] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 998.884961] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 998.908264] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 998.914254] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 998.921048] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 998.938183] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 998.946247] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 998.954283] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 998.954304] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 998.954322] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 998.954339] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 998.990556] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 998.999305] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 999.001652] GDTR: limit=0x00003000, base=0x0000000000003000 [ 999.007651] GDTR: limit=0x00003000, base=0x0000000000003000 [ 999.024023] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 999.028154] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 999.033005] IDTR: limit=0x00000001, base=0x0000000000105000 [ 999.048121] IDTR: limit=0x00000001, base=0x0000000000105000 [ 999.048610] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 999.056144] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 999.056156] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 999.056169] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 999.056179] Interruptibility = 00000000 ActivityState = 00000000 [ 999.056184] *** Host State *** [ 999.056202] RIP = 0xffffffff812047de RSP = 0xffff88817aa2f390 [ 999.065942] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 999.098130] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 999.102313] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 999.118152] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 999.138137] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 999.144082] CR0=0000000080050033 CR3=00000001cc94d000 CR4=00000000001426e0 [ 999.145789] Interruptibility = 00000000 ActivityState = 00000000 16:52:24 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x0) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}}, 0x1c) [ 999.158157] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 999.164870] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 999.165526] *** Host State *** [ 999.188132] *** Control State *** [ 999.191630] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 999.196740] RIP = 0xffffffff812047de RSP = 0xffff888181a8f390 [ 999.219218] EntryControls=0000d1ff ExitControls=002fefff [ 999.222840] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 999.224755] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 999.224766] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 999.224776] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 999.224785] reason=80000021 qualification=0000000000000000 [ 999.224793] IDTVectoring: info=00000000 errcode=00000000 [ 999.224800] TSC Offset = 0xfffffde71a948894 16:52:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000]}}, 0x1c) [ 999.224811] EPT pointer = 0x00000001cdb2701e [ 999.241548] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 999.290956] IPVS: ftp: loaded support on port[0] = 21 16:52:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80]}}, 0x1c) [ 999.352331] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 999.359219] CR0=0000000080050033 CR3=000000017f077000 CR4=00000000001426e0 [ 999.378643] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 999.393722] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 999.429769] *** Control State *** [ 999.446668] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 16:52:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}}, 0x1c) [ 999.483977] EntryControls=0000d1ff ExitControls=002fefff [ 999.506035] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 999.524392] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 999.546761] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 999.552090] *** Guest State *** [ 999.566549] reason=80000021 qualification=0000000000000000 [ 999.566560] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 999.566575] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 999.574540] IDTVectoring: info=00000000 errcode=00000000 [ 999.590940] TSC Offset = 0xfffffde724847f4b [ 999.600938] EPT pointer = 0x00000001d1ddb01e [ 999.637290] CR3 = 0x0000000000000000 [ 999.648475] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 999.671371] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 999.692499] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 999.707606] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 999.715920] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 999.724336] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 999.736712] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 999.745298] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 999.753451] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 999.761549] GDTR: limit=0x00003000, base=0x0000000000003000 [ 999.769702] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 999.777724] IDTR: limit=0x00000001, base=0x0000000000105000 [ 999.795864] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 999.804040] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 999.810625] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 999.819436] Interruptibility = 00000000 ActivityState = 00000000 [ 999.834454] *** Host State *** [ 999.837693] RIP = 0xffffffff812047de RSP = 0xffff8881806bf390 [ 999.843830] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 999.850490] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 999.858617] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 999.864555] CR0=0000000080050033 CR3=00000001c3e93000 CR4=00000000001426f0 [ 999.871775] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 999.879781] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 999.894560] *** Control State *** [ 999.898220] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 999.904959] EntryControls=0000d1ff ExitControls=002fefff [ 999.910569] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 999.917531] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 999.924606] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 999.931362] reason=80000021 qualification=0000000000000000 [ 999.937725] IDTVectoring: info=00000000 errcode=00000000 [ 999.944287] TSC Offset = 0xfffffde6a9086dc6 [ 999.949004] EPT pointer = 0x00000001cc9ee01e 16:52:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, 0x1c) 16:52:26 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:26 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x3, 0x0, 0x8, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:26 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:26 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000]}}, 0x1c) [ 1001.693036] *** Guest State *** [ 1001.693039] *** Guest State *** [ 1001.693053] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1001.728634] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1001.732885] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1001.738890] CR3 = 0x0000000000000000 [ 1001.751991] IPVS: ftp: loaded support on port[0] = 21 [ 1001.752386] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1001.764020] IPVS: ftp: loaded support on port[0] = 21 [ 1001.771764] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1001.785963] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1001.795632] CR3 = 0x0000000000000000 [ 1001.804305] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1001.810556] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1001.821057] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1001.850795] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1001.860057] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1001.868605] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1001.876828] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 1001.885580] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1001.896528] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1001.905176] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1001.913647] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1001.932629] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1001.941256] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1001.956893] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1001.968160] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1001.976847] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1001.985401] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1001.993710] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1002.002145] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1002.010525] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1002.018939] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1002.018953] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1002.035242] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1002.043488] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1002.050331] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1002.058605] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1002.066294] Interruptibility = 00000000 ActivityState = 00000000 [ 1002.072816] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1002.079475] *** Host State *** [ 1002.082891] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1002.090669] RIP = 0xffffffff812047de RSP = 0xffff88818427f390 [ 1002.096890] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1002.103642] Interruptibility = 00000000 ActivityState = 00000000 [ 1002.110224] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1002.118314] *** Host State *** [ 1002.121725] RIP = 0xffffffff812047de RSP = 0xffff88818864f390 [ 1002.127938] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1002.134130] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1002.140810] CR0=0000000080050033 CR3=00000001a88c6000 CR4=00000000001426e0 [ 1002.148127] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1002.156143] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1002.163085] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1002.169247] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1002.175561] CR0=0000000080050033 CR3=00000001cdf29000 CR4=00000000001426f0 [ 1002.182834] *** Control State *** [ 1002.186574] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1002.193511] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1002.200501] EntryControls=0000d1ff ExitControls=002fefff [ 1002.206168] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1002.212484] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1002.219702] *** Control State *** [ 1002.223358] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1002.230717] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1002.237719] EntryControls=0000d1ff ExitControls=002fefff [ 1002.243923] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:52:27 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x0) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:27 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff000]}}, 0x1c) [ 1002.261038] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1002.277177] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1002.286666] reason=80000021 qualification=0000000000000000 [ 1002.299551] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1002.306145] reason=80000021 qualification=0000000000000000 [ 1002.312261] IDTVectoring: info=00000000 errcode=00000000 [ 1002.341408] TSC Offset = 0xfffffde581b124f8 [ 1002.341418] EPT pointer = 0x00000001bc79a01e 16:52:27 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}}, 0x1c) [ 1002.363772] IDTVectoring: info=00000000 errcode=00000000 [ 1002.397697] TSC Offset = 0xfffffde5815d8060 [ 1002.436134] EPT pointer = 0x00000001c260d01e [ 1002.461037] IPVS: ftp: loaded support on port[0] = 21 16:52:27 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:27 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}}, 0x1c) [ 1002.644962] *** Guest State *** [ 1002.661695] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1002.670799] *** Guest State *** [ 1002.675593] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1002.685888] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1002.696347] CR3 = 0x0000000000000000 [ 1002.708354] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1002.716161] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1002.718269] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1002.736281] CR3 = 0x0000000000000000 16:52:27 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}}, 0x1c) [ 1002.748206] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1002.750969] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1002.762324] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1002.770983] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1002.780308] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1002.787018] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1002.804394] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 1002.824981] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1002.838834] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1002.849760] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1002.857993] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1002.866255] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1002.888294] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1002.888305] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1002.888319] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1002.896313] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1002.896334] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1002.896348] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1002.896366] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1002.918160] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1002.977499] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1002.988325] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1002.996310] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1003.008312] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1003.016357] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1003.038193] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1003.044695] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1003.067098] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1003.068161] Interruptibility = 00000000 ActivityState = 00000000 [ 1003.077123] Interruptibility = 00000000 ActivityState = 00000000 [ 1003.087277] *** Host State *** [ 1003.090881] RIP = 0xffffffff812047de RSP = 0xffff888182d27390 [ 1003.091959] *** Host State *** [ 1003.104142] RIP = 0xffffffff812047de RSP = 0xffff8881808b7390 [ 1003.106446] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1003.111865] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1003.123494] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1003.127608] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1003.131764] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1003.145567] CR0=0000000080050033 CR3=00000001d4f7a000 CR4=00000000001426e0 [ 1003.146295] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1003.152959] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1003.165665] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1003.172043] *** Control State *** [ 1003.172127] CR0=0000000080050033 CR3=00000001d2971000 CR4=00000000001426f0 [ 1003.175729] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1003.189605] EntryControls=0000d1ff ExitControls=002fefff [ 1003.195310] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1003.199968] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1003.209439] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1003.209457] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1003.222661] *** Control State *** [ 1003.223054] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1003.226164] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1003.226180] EntryControls=0000d1ff ExitControls=002fefff [ 1003.244299] reason=80000021 qualification=0000000000000000 [ 1003.247034] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1003.258388] IDTVectoring: info=00000000 errcode=00000000 [ 1003.258403] TSC Offset = 0xfffffde4fd84c8c3 [ 1003.264745] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1003.279746] EPT pointer = 0x00000001b7c6401e [ 1003.287339] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1003.306198] reason=80000021 qualification=0000000000000000 [ 1003.313142] IDTVectoring: info=00000000 errcode=00000000 [ 1003.319529] TSC Offset = 0xfffffde4fdf02e70 [ 1003.323909] EPT pointer = 0x00000001c3a8e01e 16:52:29 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:29 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, 0x0, 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}}, 0x1c) 16:52:29 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:29 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}}, 0x1c) [ 1004.773295] IPVS: ftp: loaded support on port[0] = 21 [ 1004.786876] *** Guest State *** [ 1004.796073] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1004.803064] IPVS: ftp: loaded support on port[0] = 21 [ 1004.817024] IPVS: ftp: loaded support on port[0] = 21 [ 1004.841410] *** Guest State *** [ 1004.855370] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1004.865368] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1004.899943] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1004.901139] CR3 = 0x0000000000000000 [ 1004.923878] CR3 = 0x0000000000000000 16:52:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}}, 0x1c) [ 1004.945535] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1004.955283] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1004.975324] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1004.984908] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1004.991280] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1005.022185] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1005.050685] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1005.070420] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1005.085573] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1005.109901] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 16:52:30 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, 0x1c) [ 1005.126768] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1005.142628] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1005.163477] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1005.184226] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1005.208346] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1005.216385] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1005.232796] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1005.248456] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1005.256473] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1005.274099] GDTR: limit=0x00003000, base=0x0000000000003000 16:52:30 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}}, 0x1c) 16:52:30 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, 0x0, 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:30 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1005.282868] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1005.305249] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1005.332915] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1005.358231] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1005.372554] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1005.384094] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1005.399363] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1005.410617] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1005.418410] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1005.425528] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:52:30 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}}, 0x1c) [ 1005.425869] Interruptibility = 00000000 ActivityState = 00000000 [ 1005.446994] IPVS: ftp: loaded support on port[0] = 21 [ 1005.453993] Interruptibility = 00000000 ActivityState = 00000000 [ 1005.468951] *** Host State *** [ 1005.476946] RIP = 0xffffffff812047de RSP = 0xffff888187c5f390 [ 1005.489997] IPVS: ftp: loaded support on port[0] = 21 [ 1005.524945] *** Host State *** [ 1005.533039] RIP = 0xffffffff812047de RSP = 0xffff8881a90c7390 [ 1005.544976] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1005.569072] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1005.580194] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1005.607707] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1005.618565] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 16:52:30 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, 0x1c) [ 1005.627929] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1005.636093] CR0=0000000080050033 CR3=00000001cb494000 CR4=00000000001426f0 [ 1005.648394] CR0=0000000080050033 CR3=00000001b6351000 CR4=00000000001426e0 [ 1005.652908] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1005.681485] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1005.682787] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1005.699718] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1005.705973] *** Control State *** [ 1005.710325] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1005.715856] *** Control State *** [ 1005.717158] EntryControls=0000d1ff ExitControls=002fefff [ 1005.728849] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1005.735537] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1005.735910] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1005.765178] EntryControls=0000d1ff ExitControls=002fefff [ 1005.775318] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1005.790157] reason=80000021 qualification=0000000000000000 [ 1005.790253] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1005.803291] IDTVectoring: info=00000000 errcode=00000000 [ 1005.827582] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1005.834659] TSC Offset = 0xfffffde3db27c919 [ 1005.841272] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1005.855786] reason=80000021 qualification=0000000000000000 [ 1005.858388] EPT pointer = 0x00000001b896d01e [ 1005.870547] IDTVectoring: info=00000000 errcode=00000000 [ 1005.886449] TSC Offset = 0xfffffde3db222d3c [ 1005.900139] EPT pointer = 0x000000017f39001e 16:52:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:30 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}}, 0x1c) 16:52:31 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x0, 0x9}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1006.118615] *** Guest State *** [ 1006.132039] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1006.141402] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1006.150762] CR3 = 0x0000000000000000 [ 1006.154688] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1006.172606] *** Guest State *** [ 1006.183278] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1006.183442] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1006.204740] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1006.227782] CR3 = 0x0000000000000000 [ 1006.237402] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1006.250322] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1006.251414] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1006.264361] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1006.278174] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1006.286230] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1006.308586] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1006.316574] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 1006.324733] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1006.338162] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1006.346195] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1006.368098] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1006.376075] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1006.398265] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1006.406437] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1006.428162] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1006.436195] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1006.458146] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1006.466209] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1006.474448] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1006.488177] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1006.488290] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1006.496307] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1006.518193] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1006.525711] Interruptibility = 00000000 ActivityState = 00000000 [ 1006.548131] *** Host State *** [ 1006.551415] RIP = 0xffffffff812047de RSP = 0xffff888187c5f390 [ 1006.557402] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1006.558191] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1006.578285] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1006.586138] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1006.592450] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1006.618150] CR0=0000000080050033 CR3=00000001bea1a000 CR4=00000000001426e0 [ 1006.618166] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1006.625227] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1006.625252] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1006.637443] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1006.667835] Interruptibility = 00000000 ActivityState = 00000000 [ 1006.668142] *** Control State *** [ 1006.677566] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1006.681080] *** Host State *** [ 1006.698136] EntryControls=0000d1ff ExitControls=002fefff [ 1006.703649] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1006.708187] RIP = 0xffffffff812047de RSP = 0xffff8881a90c7390 [ 1006.716839] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1006.728150] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1006.734872] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1006.741841] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1006.748141] reason=80000021 qualification=0000000000000000 [ 1006.758197] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1006.764148] CR0=0000000080050033 CR3=000000017fed4000 CR4=00000000001426f0 [ 1006.768139] IDTVectoring: info=00000000 errcode=00000000 [ 1006.776791] TSC Offset = 0xfffffde3259b113a [ 1006.781327] EPT pointer = 0x000000017f39301e [ 1006.792962] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1006.815489] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1006.850747] *** Control State *** [ 1006.871019] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1006.877701] EntryControls=0000d1ff ExitControls=002fefff [ 1006.884356] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1006.891504] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1006.898419] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1006.905009] reason=80000021 qualification=0000000000000000 [ 1006.911734] IDTVectoring: info=00000000 errcode=00000000 [ 1006.917191] TSC Offset = 0xfffffde31be71a8d [ 1006.921639] EPT pointer = 0x00000001ce79901e 16:52:32 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}}, 0x1c) 16:52:32 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:32 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, 0x0, 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:32 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000}, {0x6000, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1007.771031] IPVS: ftp: loaded support on port[0] = 21 [ 1007.774286] IPVS: ftp: loaded support on port[0] = 21 [ 1007.778955] *** Guest State *** [ 1007.794674] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:52:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4]}}, 0x1c) [ 1007.819034] *** Guest State *** [ 1007.848334] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1007.879417] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1007.901490] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1007.918341] CR3 = 0x0000000000000000 [ 1007.924344] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1007.926811] CR3 = 0x0000000000000000 16:52:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}}, 0x1c) [ 1007.953151] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1007.956275] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1007.974206] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1007.986617] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1008.008555] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1008.027017] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1008.038932] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:52:33 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}, 0x1c) [ 1008.062689] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1008.077002] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1008.095113] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1008.104827] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1008.122429] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1008.133389] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000006000 [ 1008.147406] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1008.172172] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1008.187914] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1008.210658] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1008.210677] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1008.224811] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1008.245727] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1008.257953] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 16:52:33 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000]}}, 0x1c) [ 1008.272979] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1008.283642] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1008.294465] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1008.312804] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1008.318489] Interruptibility = 00000000 ActivityState = 00000000 [ 1008.335820] *** Host State *** [ 1008.356144] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1008.364339] RIP = 0xffffffff812047de RSP = 0xffff88817d047390 [ 1008.383148] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1008.384388] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1008.407909] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1008.415310] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1008.423856] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 16:52:33 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:33 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}}, 0x1c) [ 1008.425336] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1008.444330] Interruptibility = 00000000 ActivityState = 00000000 [ 1008.451881] CR0=0000000080050033 CR3=00000001c3b20000 CR4=00000000001426e0 [ 1008.463824] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1008.466448] *** Host State *** [ 1008.487038] RIP = 0xffffffff812047de RSP = 0xffff8881d9707390 [ 1008.488462] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1008.501918] IPVS: ftp: loaded support on port[0] = 21 [ 1008.510953] *** Control State *** [ 1008.516884] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1008.517118] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1008.532735] EntryControls=0000d1ff ExitControls=002fefff [ 1008.558546] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1008.565492] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1008.582508] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1008.603162] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1008.612561] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1008.640210] CR0=0000000080050033 CR3=00000001cc073000 CR4=00000000001426e0 [ 1008.650795] reason=80000021 qualification=0000000000000000 [ 1008.677306] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1008.684095] IDTVectoring: info=00000000 errcode=00000000 [ 1008.685441] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1008.689980] TSC Offset = 0xfffffde24006d8a4 [ 1008.700555] *** Control State *** [ 1008.704256] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1008.714568] binder: unexpected work type, 4, not freed [ 1008.729301] binder: undelivered TRANSACTION_COMPLETE [ 1008.742724] binder: undelivered transaction 5, process died. [ 1008.748572] EPT pointer = 0x00000001c3e8901e [ 1008.758885] EntryControls=0000d1ff ExitControls=002fefff [ 1008.772582] binder: undelivered transaction 2, process died. [ 1008.785228] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1008.796890] binder: send failed reply for transaction 9, target dead [ 1008.814835] binder: send failed reply for transaction 11, target dead [ 1008.828480] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1008.835163] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1008.835305] binder: send failed reply for transaction 43, target dead [ 1008.858159] reason=80000021 qualification=0000000000000000 [ 1008.868471] binder: send failed reply for transaction 44, target dead [ 1008.876839] IDTVectoring: info=00000000 errcode=00000000 16:52:33 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80]}}, 0x1c) 16:52:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1008.888233] TSC Offset = 0xfffffde240967819 [ 1008.889806] binder: send failed reply for transaction 45, target dead [ 1008.896092] EPT pointer = 0x000000018089401e [ 1008.903633] binder: send failed reply for transaction 47, target dead [ 1008.926520] binder: send failed reply for transaction 48, target dead [ 1008.948123] binder: send failed reply for transaction 49, target dead [ 1008.965616] binder: send failed reply for transaction 50, target dead [ 1008.986429] binder: send failed reply for transaction 51, target dead [ 1009.005013] *** Guest State *** [ 1009.015438] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1009.039012] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1009.048507] CR3 = 0x0000000000000000 [ 1009.052414] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1009.058902] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1009.065062] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1009.072652] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1009.081081] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1009.089559] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1009.097770] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1009.106333] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1009.114847] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1009.123298] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1009.131805] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1009.140265] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1009.148750] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1009.156893] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1009.163795] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1009.171715] Interruptibility = 00000000 ActivityState = 00000000 [ 1009.178486] *** Host State *** [ 1009.181864] RIP = 0xffffffff812047de RSP = 0xffff8881bf80f390 [ 1009.188027] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1009.195067] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1009.203321] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1009.209654] CR0=0000000080050033 CR3=0000000181850000 CR4=00000000001426e0 [ 1009.216919] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1009.224330] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1009.230912] *** Control State *** [ 1009.234552] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1009.241771] EntryControls=0000d1ff ExitControls=002fefff [ 1009.247438] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1009.254905] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1009.262035] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1009.269096] reason=80000021 qualification=0000000000000000 [ 1009.275640] IDTVectoring: info=00000000 errcode=00000000 [ 1009.281564] TSC Offset = 0xfffffde19a47cac6 [ 1009.286055] EPT pointer = 0x000000018089401e 16:52:35 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:35 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000]}}, 0x1c) 16:52:35 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, 0x0) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}}, 0x1c) [ 1010.820938] *** Guest State *** [ 1010.821468] IPVS: ftp: loaded support on port[0] = 21 [ 1010.824361] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1010.853066] *** Guest State *** [ 1010.856370] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1010.880566] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1010.922926] CR3 = 0x0000000000000000 [ 1010.946497] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1010.969973] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1010.984905] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:52:36 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}}, 0x1c) [ 1010.985041] device bridge_slave_1 left promiscuous mode [ 1011.003155] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1011.008240] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1011.021365] bridge0: port 2(bridge_slave_1) entered disabled state [ 1011.022116] DS: sel=0x0010, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1011.046278] IPVS: ftp: loaded support on port[0] = 21 [ 1011.073210] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1011.079142] device bridge_slave_0 left promiscuous mode [ 1011.096261] CR3 = 0x0000000000000000 [ 1011.100523] bridge0: port 1(bridge_slave_0) entered disabled state [ 1011.103428] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1011.107456] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1011.121293] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1011.127416] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1011.138492] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1011.158272] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 16:52:36 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff000]}}, 0x1c) [ 1011.166468] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1011.177005] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1011.198664] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1011.209519] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1011.224106] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1011.241918] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1011.243785] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1011.266764] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1011.284499] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1011.284549] team0 (unregistering): Port device team_slave_1 removed [ 1011.301814] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1011.302197] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1011.316704] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1011.326293] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1011.350425] team0 (unregistering): Port device team_slave_0 removed [ 1011.357039] Interruptibility = 00000000 ActivityState = 00000000 [ 1011.358875] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1011.371886] *** Host State *** [ 1011.375324] RIP = 0xffffffff812047de RSP = 0xffff88817f74f390 [ 1011.390843] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 1011.395758] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1011.398691] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1011.412822] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1011.417517] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1011.421436] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1011.436282] CR0=0000000080050033 CR3=00000001c1111000 CR4=00000000001426e0 [ 1011.441512] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1011.443875] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1011.459020] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1011.475111] Interruptibility = 00000000 ActivityState = 00000000 [ 1011.477120] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 1011.488390] *** Host State *** [ 1011.489447] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1011.496404] RIP = 0xffffffff812047de RSP = 0xffff88817a2b7390 [ 1011.497692] *** Control State *** [ 1011.497703] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1011.497712] EntryControls=0000d1ff ExitControls=002fefff [ 1011.497727] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:52:36 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:36 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef]}}, 0x1c) [ 1011.497737] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1011.497746] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1011.497755] reason=80000021 qualification=0000000000000000 [ 1011.497762] IDTVectoring: info=00000000 errcode=00000000 [ 1011.497769] TSC Offset = 0xfffffde09dc83676 [ 1011.497780] EPT pointer = 0x00000001b635b01e [ 1011.524077] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1011.583140] IPVS: ftp: loaded support on port[0] = 21 16:52:36 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000]}}, 0x1c) 16:52:36 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x0, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1011.718167] FSBase=00007fb75975d700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1011.748098] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1011.758144] CR0=0000000080050033 CR3=0000000179f02000 CR4=00000000001426f0 [ 1011.765182] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1011.765195] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1011.765201] *** Control State *** [ 1011.765211] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1011.765228] EntryControls=0000d1ff ExitControls=002fefff [ 1011.765243] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1011.765254] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1011.765263] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1011.765272] reason=80000021 qualification=0000000000000000 [ 1011.765284] IDTVectoring: info=00000000 errcode=00000000 [ 1011.853729] bond0 (unregistering): Released all slaves [ 1011.902137] TSC Offset = 0xfffffde09d2033b6 [ 1011.906536] EPT pointer = 0x000000017d5d001e [ 1013.097359] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.128155] bridge0: port 1(bridge_slave_0) entered disabled state [ 1013.135543] device bridge_slave_0 entered promiscuous mode [ 1013.247266] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.268178] bridge0: port 2(bridge_slave_1) entered disabled state [ 1013.275562] device bridge_slave_1 entered promiscuous mode [ 1013.389189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 1013.477595] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 1013.710562] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1013.790829] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1014.256134] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1014.263833] team0: Port device team_slave_0 added [ 1014.314456] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1014.322344] team0: Port device team_slave_1 added [ 1014.399450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1014.463315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1014.531353] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1014.538530] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1014.555393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1014.594030] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1014.601355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1014.618666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:52:39 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:39 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f]}}, 0x1c) [ 1015.039447] IPVS: ftp: loaded support on port[0] = 21 [ 1015.336212] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.342641] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1015.349395] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.355795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1015.363842] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 1016.018541] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1016.566731] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1016.656484] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1016.815704] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 1016.822403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1016.837471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1016.992207] 8021q: adding VLAN 0 to HW filter on device team0 [ 1017.947765] IPVS: ftp: loaded support on port[0] = 21 16:52:45 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, 0x0) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:45 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:45 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x0, 0x10, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:45 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}}, 0x1c) 16:52:45 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1021.038294] IPVS: ftp: loaded support on port[0] = 21 [ 1021.057098] *** Guest State *** [ 1021.070801] IPVS: ftp: loaded support on port[0] = 21 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}}, 0x1c) [ 1021.095618] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1021.104112] IPVS: ftp: loaded support on port[0] = 21 [ 1021.113408] *** Guest State *** [ 1021.127459] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1021.160590] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1021.181382] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1021.192917] CR3 = 0x0000000000000000 [ 1021.196810] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1021.207403] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1021.213574] CR3 = 0x0000000000000000 [ 1021.213585] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1021.227096] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1021.233482] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1021.240704] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1021.249075] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}}, 0x1c) [ 1021.257625] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1021.260187] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1021.276765] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1021.293501] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1021.303652] DS: sel=0x0010, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1021.312656] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1021.321077] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1021.343939] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1021.354464] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1021.365523] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1021.374017] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1021.383286] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1021.392118] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1021.392307] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff]}}, 0x1c) [ 1021.402040] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1021.423963] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1021.437258] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1021.446228] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1021.456424] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1021.460293] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1021.470208] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1021.484498] Interruptibility = 00000000 ActivityState = 00000000 [ 1021.494368] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1021.498716] *** Host State *** [ 1021.504436] RIP = 0xffffffff812047de RSP = 0xffff8881ab53f390 [ 1021.521086] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1021.527836] FSBase=00007fb75975d700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1021.528747] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1021.536289] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1021.549719] CR0=0000000080050033 CR3=000000017cac6000 CR4=00000000001426f0 [ 1021.557809] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}}, 0x1c) [ 1021.565765] Interruptibility = 00000000 ActivityState = 00000000 [ 1021.580549] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1021.580559] *** Control State *** [ 1021.593833] *** Host State *** [ 1021.597203] RIP = 0xffffffff812047de RSP = 0xffff888182caf390 [ 1021.603943] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1021.610879] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1021.619599] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1021.625740] CR0=0000000080050033 CR3=00000001b8ac0000 CR4=00000000001426e0 [ 1021.626050] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1021.633270] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1021.646697] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1021.657153] *** Control State *** [ 1021.661000] EntryControls=0000d1ff ExitControls=002fefff [ 1021.666805] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1021.674188] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1021.675316] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1021.681843] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1021.695662] EntryControls=0000d1ff ExitControls=002fefff [ 1021.706839] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1021.715191] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}}, 0x1c) [ 1021.715556] reason=80000021 qualification=0000000000000000 [ 1021.722436] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1021.735440] reason=80000021 qualification=0000000000000000 [ 1021.742371] IDTVectoring: info=00000000 errcode=00000000 [ 1021.749522] IDTVectoring: info=00000000 errcode=00000000 [ 1021.756716] TSC Offset = 0xfffffddb22aac114 [ 1021.761591] TSC Offset = 0xfffffddb22aac10e [ 1021.766107] EPT pointer = 0x00000001aacde01e [ 1021.771359] EPT pointer = 0x000000017fbeb01e 16:52:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000]}}, 0x1c) 16:52:49 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, 0x0) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:49 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}}, 0x1c) 16:52:49 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1024.797835] *** Guest State *** [ 1024.801640] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1024.806937] *** Guest State *** [ 1024.819005] IPVS: ftp: loaded support on port[0] = 21 [ 1024.826587] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1024.858995] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1024.868547] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1024.877429] CR3 = 0x0000000000000000 [ 1024.879414] CR3 = 0x0000000000000000 [ 1024.895931] IPVS: ftp: loaded support on port[0] = 21 [ 1024.909397] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1024.916401] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1024.924426] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1024.931077] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1024.940095] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1024.952611] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1024.958103] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1024.962529] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1024.975848] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1024.977950] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1025.000208] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1025.002507] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1025.010060] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1025.026346] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1025.038654] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1025.050885] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1025.064612] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1025.080967] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000000000 [ 1025.081869] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1025.103107] IDTR: limit=0x00000001, base=0x0000000000105000 16:52:50 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000]}}, 0x1c) [ 1025.112145] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1025.119707] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1025.124412] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1025.137655] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1025.164765] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1025.176804] Interruptibility = 00000000 ActivityState = 00000000 [ 1025.186476] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1025.194442] *** Host State *** [ 1025.205092] RIP = 0xffffffff812047de RSP = 0xffff88817c05f390 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}}, 0x1c) [ 1025.214010] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1025.222997] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1025.231489] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1025.235578] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1025.244573] CR0=0000000080050033 CR3=00000001b3ecf000 CR4=00000000001426f0 [ 1025.255417] IPVS: ftp: loaded support on port[0] = 21 [ 1025.270546] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1025.284437] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1025.286335] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1025.312134] *** Control State *** [ 1025.325638] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1025.335051] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1025.342029] EntryControls=0000d1ff ExitControls=002fefff [ 1025.354846] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1025.363648] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}}, 0x1c) [ 1025.376314] Interruptibility = 00000000 ActivityState = 00000000 [ 1025.381084] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1025.406157] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1025.416151] reason=80000021 qualification=0000000000000000 [ 1025.422761] *** Host State *** [ 1025.423119] IDTVectoring: info=00000000 errcode=00000000 [ 1025.431925] TSC Offset = 0xfffffdd9202310a1 [ 1025.433438] RIP = 0xffffffff812047de RSP = 0xffff888181bff390 [ 1025.436568] EPT pointer = 0x0000000184aab01e [ 1025.448799] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1025.463947] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1025.472666] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1025.478901] CR0=0000000080050033 CR3=000000017f2ff000 CR4=00000000001426e0 [ 1025.486159] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1025.493649] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1025.499999] *** Control State *** [ 1025.500540] *** Guest State *** [ 1025.503772] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1025.506805] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}}, 0x1c) [ 1025.506821] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1025.506829] CR3 = 0x0000000000000000 [ 1025.506848] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1025.506861] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1025.506887] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1025.506909] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1025.513852] EntryControls=0000d1ff ExitControls=002fefff [ 1025.547842] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}}, 0x1c) [ 1025.585838] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1025.600219] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1025.609784] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1025.625312] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 16:52:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}, 0x1c) [ 1025.633570] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1025.640446] reason=80000021 qualification=0000000000000000 [ 1025.646998] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1025.655167] IDTVectoring: info=00000000 errcode=00000000 [ 1025.667458] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1025.675562] TSC Offset = 0xfffffdd92058745c [ 1025.685636] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1025.694395] EPT pointer = 0x000000017ead301e [ 1025.718608] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1025.737443] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1025.756586] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1025.765833] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1025.779229] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1025.786798] Interruptibility = 00000000 ActivityState = 00000000 [ 1025.807046] *** Host State *** [ 1025.812334] RIP = 0xffffffff812047de RSP = 0xffff88817b78f390 [ 1025.823140] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1025.830878] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1025.839091] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1025.845132] CR0=0000000080050033 CR3=00000001b3ecf000 CR4=00000000001426f0 [ 1025.854467] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1025.862687] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1025.871627] *** Control State *** [ 1025.875282] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1025.885283] EntryControls=0000d1ff ExitControls=002fefff [ 1025.890919] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1025.897894] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1025.904616] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1025.911252] reason=80000021 qualification=0000000000000000 [ 1025.917561] IDTVectoring: info=00000000 errcode=00000000 [ 1025.923043] TSC Offset = 0xfffffdd9202310a1 [ 1025.927372] EPT pointer = 0x0000000184aab01e 16:52:52 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x0, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:52 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, 0x1c) 16:52:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:52 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:52 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x0, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:52 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:52 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}}, 0x1c) [ 1027.887787] *** Guest State *** [ 1027.894158] *** Guest State *** [ 1027.897476] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1027.907818] IPVS: ftp: loaded support on port[0] = 21 [ 1027.910619] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1027.923636] IPVS: ftp: loaded support on port[0] = 21 [ 1027.949825] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1027.964012] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1028.000461] CR3 = 0x0000000000000000 [ 1028.004308] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1028.016075] IPVS: ftp: loaded support on port[0] = 21 [ 1028.040195] CR3 = 0x0000000000000000 [ 1028.058579] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1028.066726] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1028.075326] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1028.083444] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1028.095581] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:52:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}}, 0x1c) [ 1028.110860] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1028.129815] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1028.141485] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1028.161307] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1028.181545] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1028.190108] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1028.200477] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1028.220784] FS: sel=0x000b, attr=0x030e9, limit=0x00000000, base=0x0000000000000000 [ 1028.234553] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1028.239377] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1028.255154] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:52:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}}, 0x1c) [ 1028.264636] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1028.284670] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1028.306001] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1028.320433] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1028.336493] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1028.352272] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1028.362171] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 16:52:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}}, 0x1c) [ 1028.379641] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1028.386345] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1028.394964] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1028.416550] Interruptibility = 00000000 ActivityState = 00000000 [ 1028.424027] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1028.454034] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1028.461523] *** Host State *** [ 1028.481533] RIP = 0xffffffff812047de RSP = 0xffff88818424f390 [ 1028.489975] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1028.503970] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1028.513725] Interruptibility = 00000000 ActivityState = 00000000 [ 1028.519999] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1028.520013] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1028.520029] CR0=0000000080050033 CR3=00000001cbd9e000 CR4=00000000001426f0 [ 1028.520046] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1028.520059] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 16:52:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe]}}, 0x1c) [ 1028.520064] *** Control State *** [ 1028.520074] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1028.520082] EntryControls=0000d1ff ExitControls=002fefff [ 1028.520096] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1028.520107] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1028.520116] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1028.520129] reason=80000021 qualification=0000000000000000 [ 1028.568212] IDTVectoring: info=00000000 errcode=00000000 [ 1028.582124] *** Host State *** [ 1028.595864] RIP = 0xffffffff812047de RSP = 0xffff88818414f390 [ 1028.606337] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1028.628639] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1028.643418] TSC Offset = 0xfffffdd77c11c547 16:52:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}}, 0x1c) [ 1028.653390] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1028.661901] EPT pointer = 0x00000001be42701e [ 1028.662917] CR0=0000000080050033 CR3=00000001b3716000 CR4=00000000001426f0 [ 1028.689844] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1028.704827] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1028.721137] *** Control State *** [ 1028.728899] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1028.735979] EntryControls=0000d1ff ExitControls=002fefff [ 1028.759989] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1028.781988] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1028.789642] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1028.796384] reason=80000021 qualification=0000000000000000 [ 1028.803158] IDTVectoring: info=00000000 errcode=00000000 [ 1028.809084] TSC Offset = 0xfffffdd77b642502 [ 1028.813548] EPT pointer = 0x00000001cb4e101e 16:52:55 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x0, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:55 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}}, 0x1c) 16:52:55 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x0, 0x7016, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:55 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:55 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1031.006043] *** Guest State *** [ 1031.010992] IPVS: ftp: loaded support on port[0] = 21 [ 1031.044540] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:52:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}}, 0x1c) [ 1031.045051] *** Guest State *** [ 1031.073185] IPVS: ftp: loaded support on port[0] = 21 [ 1031.108157] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1031.117042] CR3 = 0x0000000000000000 [ 1031.128918] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1031.137797] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1031.164924] IPVS: ftp: loaded support on port[0] = 21 [ 1031.188339] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1031.194372] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:52:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000]}}, 0x1c) [ 1031.247166] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1031.268108] CR3 = 0x0000000000000000 [ 1031.271841] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1031.277821] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1031.298997] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1031.328391] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1031.368276] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1031.374971] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1031.374992] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1031.375013] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1031.375031] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1031.375052] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:52:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}}, 0x1c) [ 1031.375072] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1031.375092] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1031.375114] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1031.415485] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1031.452350] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:52:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, 0x1c) [ 1031.478138] FS: sel=0x0000, attr=0x030e9, limit=0x00000000, base=0x0000000000000000 [ 1031.538925] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1031.546959] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1031.546978] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1031.598543] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1031.618582] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1031.633593] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1031.641581] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:52:56 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1031.641595] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1031.641606] Interruptibility = 00000000 ActivityState = 00000000 [ 1031.641611] *** Host State *** [ 1031.641625] RIP = 0xffffffff812047de RSP = 0xffff88817a9df390 [ 1031.669041] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 16:52:56 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1031.698444] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1031.704903] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1031.750228] Interruptibility = 00000000 ActivityState = 00000000 [ 1031.756501] *** Host State *** [ 1031.778215] RIP = 0xffffffff812047de RSP = 0xffff88817ac37390 [ 1031.784338] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1031.795908] IPVS: ftp: loaded support on port[0] = 21 [ 1031.801496] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1031.806008] IPVS: ftp: loaded support on port[0] = 21 [ 1031.807912] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1031.807941] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1031.807957] CR0=0000000080050033 CR3=000000017fb36000 CR4=00000000001426f0 [ 1031.807974] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1031.808002] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1031.808007] *** Control State *** [ 1031.808022] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1031.818399] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1031.877056] EntryControls=0000d1ff ExitControls=002fefff [ 1031.898437] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1031.905387] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1031.905397] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1031.905406] reason=80000021 qualification=0000000000000000 [ 1031.905414] IDTVectoring: info=00000000 errcode=00000000 [ 1031.905437] TSC Offset = 0xfffffdd5cc027ded [ 1031.905447] EPT pointer = 0x00000001a852d01e [ 1032.008257] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1032.018318] CR0=0000000080050033 CR3=000000017b896000 CR4=00000000001426e0 [ 1032.025366] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1032.025381] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1032.025386] *** Control State *** [ 1032.025397] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1032.025406] EntryControls=0000d1ff ExitControls=002fefff [ 1032.025419] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1032.025432] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1032.025442] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1032.025451] reason=80000021 qualification=0000000000000000 [ 1032.025459] IDTVectoring: info=00000000 errcode=00000000 [ 1032.025466] TSC Offset = 0xfffffdd5cf8fc263 [ 1032.025480] EPT pointer = 0x00000001cbcf301e 16:52:59 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x0, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}}, 0x1c) 16:52:59 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x0, 0x7, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:52:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:52:59 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}}, 0x1c) [ 1034.145349] *** Guest State *** [ 1034.153869] *** Guest State *** [ 1034.160155] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1034.167954] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1034.179129] IPVS: ftp: loaded support on port[0] = 21 [ 1034.202277] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1034.203206] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1034.219744] IPVS: ftp: loaded support on port[0] = 21 [ 1034.240979] CR3 = 0x0000000000000000 [ 1034.261197] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1034.278426] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000]}}, 0x1c) [ 1034.307216] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1034.317661] CR3 = 0x0000000000000000 [ 1034.327813] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1034.351279] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1034.371452] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1034.381782] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1034.404075] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1034.422949] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1034.432530] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1034.449605] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1034.463575] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff]}}, 0x1c) [ 1034.481664] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1034.503688] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1034.515422] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1034.534426] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1034.549561] FS: sel=0x0000, attr=0x030e1, limit=0x00000000, base=0x0000000000000000 [ 1034.549580] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1034.569631] GDTR: limit=0x00003000, base=0x0000000000003000 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}}, 0x1c) [ 1034.585949] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1034.604606] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1034.613980] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1034.628951] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1034.650030] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1034.676163] IDTR: limit=0x00000001, base=0x0000000000105000 16:52:59 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:52:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff]}}, 0x1c) [ 1034.682575] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1034.695803] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1034.703667] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1034.720510] Interruptibility = 00000000 ActivityState = 00000000 [ 1034.734584] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:52:59 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1034.766746] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1034.778307] *** Host State *** [ 1034.799025] RIP = 0xffffffff812047de RSP = 0xffff88817ec7f390 [ 1034.805175] Interruptibility = 00000000 ActivityState = 00000000 [ 1034.819617] *** Host State *** [ 1034.831378] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1034.836397] IPVS: ftp: loaded support on port[0] = 21 [ 1034.837964] RIP = 0xffffffff812047de RSP = 0xffff88817e777390 [ 1034.861679] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1034.870096] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1034.880616] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1034.888838] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1034.895161] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1034.908932] CR0=0000000080050033 CR3=00000001be427000 CR4=00000000001426e0 [ 1034.919222] CR0=0000000080050033 CR3=00000001cbc3b000 CR4=00000000001426f0 [ 1034.931001] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1034.937894] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1034.945341] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1034.945672] IPVS: ftp: loaded support on port[0] = 21 [ 1034.952013] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1034.967197] *** Control State *** [ 1034.972335] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1034.991382] *** Control State *** [ 1034.999695] EntryControls=0000d1ff ExitControls=002fefff [ 1035.008179] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1035.015229] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1035.023382] EntryControls=0000d1ff ExitControls=002fefff [ 1035.029228] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1035.035794] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1035.035948] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1035.053658] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1035.075303] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1035.082981] reason=80000021 qualification=0000000000000000 [ 1035.088834] reason=80000021 qualification=0000000000000000 [ 1035.097920] IDTVectoring: info=00000000 errcode=00000000 [ 1035.104965] IDTVectoring: info=00000000 errcode=00000000 [ 1035.110909] TSC Offset = 0xfffffdd422134343 [ 1035.119581] TSC Offset = 0xfffffdd4236518cb [ 1035.119592] EPT pointer = 0x00000001d886a01e [ 1035.129012] EPT pointer = 0x00000001bd08f01e 16:53:02 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x0, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}}, 0x1c) 16:53:02 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x0, 0x7, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:02 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:02 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}}, 0x1c) [ 1037.198173] IPVS: ftp: loaded support on port[0] = 21 [ 1037.207417] *** Guest State *** [ 1037.222631] IPVS: ftp: loaded support on port[0] = 21 [ 1037.222757] *** Guest State *** [ 1037.239116] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1037.248009] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1037.256108] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1037.281301] IPVS: ftp: loaded support on port[0] = 21 [ 1037.300077] CR3 = 0x0000000000000000 [ 1037.303866] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1037.329977] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}}, 0x1c) [ 1037.362131] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1037.367453] CR3 = 0x0000000000000000 [ 1037.376742] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1037.393353] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1037.400622] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1037.418275] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1037.424994] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1037.438562] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1037.446609] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1037.488400] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1037.499164] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1037.509424] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}}, 0x1c) [ 1037.553722] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1037.582982] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1037.599392] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1037.632817] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1037.659432] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1037.673100] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}}, 0x1c) [ 1037.679412] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1037.692508] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1037.702964] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1037.719565] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1037.733167] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1037.745064] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1037.758205] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1037.778343] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1037.786504] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1037.789991] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1037.813467] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1037.821593] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:53:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}}, 0x1c) [ 1037.829524] Interruptibility = 00000000 ActivityState = 00000000 [ 1037.844937] *** Host State *** [ 1037.858264] RIP = 0xffffffff812047de RSP = 0xffff8881bd297390 [ 1037.861638] Interruptibility = 00000000 ActivityState = 00000000 16:53:02 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1037.880394] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1037.894239] *** Host State *** [ 1037.899060] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1037.906572] RIP = 0xffffffff812047de RSP = 0xffff88817e777390 [ 1037.927115] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1037.936993] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1037.947244] CR0=0000000080050033 CR3=00000001cec35000 CR4=00000000001426e0 [ 1037.966991] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1037.971771] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1037.981795] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1037.995645] CR0=0000000080050033 CR3=000000017e18b000 CR4=00000000001426f0 [ 1038.020998] IPVS: ftp: loaded support on port[0] = 21 [ 1038.028166] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1038.034899] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1038.035098] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1038.058149] *** Control State *** [ 1038.062472] *** Control State *** [ 1038.065976] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1038.072845] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1038.087124] EntryControls=0000d1ff ExitControls=002fefff [ 1038.095244] EntryControls=0000d1ff ExitControls=002fefff [ 1038.106710] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1038.114316] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1038.121836] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1038.129037] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1038.141934] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1038.142575] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1038.160168] reason=80000021 qualification=0000000000000000 [ 1038.165483] reason=80000021 qualification=0000000000000000 [ 1038.176462] IDTVectoring: info=00000000 errcode=00000000 [ 1038.182461] IDTVectoring: info=00000000 errcode=00000000 [ 1038.192560] TSC Offset = 0xfffffdd27ca6904f [ 1038.200911] TSC Offset = 0xfffffdd27ca69055 [ 1038.210195] EPT pointer = 0x000000017d60601e [ 1038.215556] EPT pointer = 0x00000001b602d01e 16:53:05 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x0, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}}, 0x1c) 16:53:05 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x0, 0x6, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:05 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1040.266633] IPVS: ftp: loaded support on port[0] = 21 16:53:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000]}}, 0x1c) [ 1040.302380] *** Guest State *** [ 1040.310374] *** Guest State *** [ 1040.343011] IPVS: ftp: loaded support on port[0] = 21 [ 1040.344779] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1040.360582] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1040.413705] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1040.423846] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1040.435407] CR3 = 0x0000000000000000 [ 1040.454112] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:53:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff]}}, 0x1c) [ 1040.461524] CR3 = 0x0000000000000000 [ 1040.473071] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1040.476001] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1040.494195] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1040.501147] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1040.523655] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1040.535114] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1040.545752] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1040.574096] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1040.578173] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1040.592796] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1040.621461] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1040.626543] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1040.640966] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1040.658850] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}}, 0x1c) [ 1040.673153] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1040.685305] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1040.698803] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1040.699039] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1040.707095] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1040.724887] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1040.733164] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1040.741745] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1040.748488] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1040.759786] Interruptibility = 00000000 ActivityState = 00000000 [ 1040.763905] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1040.774598] *** Host State *** [ 1040.778213] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1040.788351] RIP = 0xffffffff812047de RSP = 0xffff8881799af390 [ 1040.794974] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1040.803462] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1040.812147] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 16:53:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}, 0x1c) [ 1040.820364] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1040.828659] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1040.834772] CR0=0000000080050033 CR3=00000001c3bc6000 CR4=00000000001426f0 [ 1040.842088] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1040.849307] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1040.856309] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1040.864110] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1040.872106] Interruptibility = 00000000 ActivityState = 00000000 [ 1040.878701] *** Control State *** [ 1040.882443] *** Host State *** [ 1040.885899] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1040.892986] RIP = 0xffffffff812047de RSP = 0xffff88817e777390 [ 1040.899264] EntryControls=0000d1ff ExitControls=002fefff [ 1040.904983] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1040.912611] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:53:05 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1040.919943] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1040.928512] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1040.936171] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1040.943054] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1040.953690] CR0=0000000080050033 CR3=0000000182e20000 CR4=00000000001426e0 [ 1040.962608] reason=80000021 qualification=0000000000000000 16:53:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}}, 0x1c) [ 1040.977668] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1040.985829] IDTVectoring: info=00000000 errcode=00000000 [ 1041.000363] TSC Offset = 0xfffffdd0d6c70698 [ 1041.004970] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1041.016584] EPT pointer = 0x00000001b607501e 16:53:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1041.051805] *** Control State *** [ 1041.053885] IPVS: ftp: loaded support on port[0] = 21 [ 1041.055296] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1041.055305] EntryControls=0000d1ff ExitControls=002fefff [ 1041.055320] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1041.055331] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1041.055341] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1041.055350] reason=80000021 qualification=0000000000000000 [ 1041.055358] IDTVectoring: info=00000000 errcode=00000000 [ 1041.055370] TSC Offset = 0xfffffdd0d6f5e9ac [ 1041.118288] EPT pointer = 0x00000001b7ea301e [ 1041.203887] *** Guest State *** [ 1041.228471] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1041.264583] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1041.302169] CR3 = 0x0000000000000000 [ 1041.311526] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1041.317704] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1041.324635] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1041.338030] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1041.347342] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1041.355736] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1041.364109] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1041.372753] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1041.381313] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1041.389704] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1041.397873] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1041.407407] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1041.415928] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1041.424350] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1041.431519] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1041.439429] Interruptibility = 00000000 ActivityState = 00000000 [ 1041.445864] *** Host State *** [ 1041.449543] RIP = 0xffffffff812047de RSP = 0xffff88818414f390 [ 1041.455710] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1041.462664] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1041.470906] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1041.476996] CR0=0000000080050033 CR3=00000001c3bc6000 CR4=00000000001426f0 [ 1041.484451] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1041.491580] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1041.497801] *** Control State *** [ 1041.501726] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1041.508809] EntryControls=0000d1ff ExitControls=002fefff [ 1041.514487] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1041.521906] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1041.529931] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1041.536691] reason=80000021 qualification=0000000000000000 [ 1041.543633] IDTVectoring: info=00000000 errcode=00000000 [ 1041.549536] TSC Offset = 0xfffffdd05941631e [ 1041.554035] EPT pointer = 0x000000017b44801e 16:53:08 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x0, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:08 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x0, 0x8, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}}, 0x1c) 16:53:08 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1043.349645] *** Guest State *** [ 1043.354679] IPVS: ftp: loaded support on port[0] = 21 [ 1043.360207] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1043.361916] *** Guest State *** [ 1043.374202] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1043.380218] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:53:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000]}}, 0x1c) [ 1043.397334] IPVS: ftp: loaded support on port[0] = 21 [ 1043.404540] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1043.419523] CR3 = 0x0000000000000000 [ 1043.440024] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1043.440753] CR3 = 0x0000000000000000 [ 1043.470269] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1043.472683] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1043.476286] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1043.476302] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1043.476316] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1043.476337] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1043.503209] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1043.503222] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1043.503244] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1043.503273] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1043.503291] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1043.503311] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1043.503331] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1043.503345] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1043.503364] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1043.503378] IDTR: limit=0x00000001, base=0x0000000000105000 16:53:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}}, 0x1c) [ 1043.591929] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 16:53:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}}, 0x1c) [ 1043.646479] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 16:53:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff]}}, 0x1c) [ 1043.715051] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1043.741017] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1043.763912] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1043.775299] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1043.790964] Interruptibility = 00000000 ActivityState = 00000000 [ 1043.795176] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1043.821120] *** Host State *** [ 1043.828801] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1043.828819] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1043.846115] RIP = 0xffffffff812047de RSP = 0xffff8881d7217390 [ 1043.852465] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1043.859928] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1043.868515] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1043.876727] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1043.907036] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1043.915144] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1043.922430] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1043.930952] CR0=0000000080050033 CR3=00000001aaf8c000 CR4=00000000001426f0 [ 1043.943231] Interruptibility = 00000000 ActivityState = 00000000 [ 1043.950221] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1043.962921] *** Host State *** [ 1043.966965] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1043.975840] RIP = 0xffffffff812047de RSP = 0xffff88817d5c7390 [ 1043.982440] *** Control State *** [ 1043.986289] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1043.993022] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1044.000192] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1044.008351] EntryControls=0000d1ff ExitControls=002fefff [ 1044.014129] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 16:53:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000]}}, 0x1c) 16:53:09 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1044.020586] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1044.027752] CR0=0000000080050033 CR3=0000000183e98000 CR4=00000000001426e0 [ 1044.035104] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1044.051841] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1044.070966] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1044.101842] reason=80000021 qualification=0000000000000000 [ 1044.121037] IDTVectoring: info=00000000 errcode=00000000 [ 1044.128490] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1044.128747] TSC Offset = 0xfffffdcf3186005f [ 1044.134550] *** Control State *** [ 1044.134561] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 16:53:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f00000000]}}, 0x1c) [ 1044.134568] EntryControls=0000d1ff ExitControls=002fefff [ 1044.134583] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1044.134593] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1044.134603] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1044.134612] reason=80000021 qualification=0000000000000000 [ 1044.134620] IDTVectoring: info=00000000 errcode=00000000 [ 1044.134627] TSC Offset = 0xfffffdcf33a7f48c [ 1044.134635] EPT pointer = 0x00000001afc7c01e [ 1044.175531] IPVS: ftp: loaded support on port[0] = 21 [ 1044.192012] EPT pointer = 0x00000001d23bb01e 16:53:10 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000]}}, 0x1c) 16:53:10 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0xb52c, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:10 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x0, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1045.943445] *** Guest State *** [ 1045.951040] *** Guest State *** [ 1045.955647] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1045.966518] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1045.969476] IPVS: ftp: loaded support on port[0] = 21 [ 1045.980769] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1045.995663] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1045.997458] CR3 = 0x0000000000000000 [ 1046.010430] CR3 = 0x0000000000000000 [ 1046.014396] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1046.014473] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1046.028174] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1046.036975] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1046.045684] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1046.052791] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1046.059056] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1046.067660] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.076451] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1046.090543] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1046.099649] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.112872] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1046.121201] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1046.127060] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1046.129656] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1046.137502] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.145640] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1046.156929] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.170156] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1046.180859] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1046.181110] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1046.206635] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1046.206945] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1046.225067] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1046.225437] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1046.233555] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1046.249625] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1046.256183] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1046.264184] Interruptibility = 00000000 ActivityState = 00000000 [ 1046.270869] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1046.277857] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1046.286699] *** Host State *** [ 1046.290241] RIP = 0xffffffff812047de RSP = 0xffff88817a827390 [ 1046.296265] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 16:53:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000]}}, 0x1c) 16:53:11 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x0) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1046.296285] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1046.296298] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1046.296314] CR0=0000000080050033 CR3=00000001aa9f3000 CR4=00000000001426f0 [ 1046.296330] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1046.296342] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1046.296347] *** Control State *** [ 1046.296357] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1046.296369] EntryControls=0000d1ff ExitControls=002fefff [ 1046.316801] Interruptibility = 00000000 ActivityState = 00000000 [ 1046.348161] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1046.376617] *** Host State *** [ 1046.389014] RIP = 0xffffffff812047de RSP = 0xffff8881b80cf390 [ 1046.395009] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1046.395024] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1046.395037] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1046.395052] CR0=0000000080050033 CR3=000000017a645000 CR4=00000000001426e0 [ 1046.395068] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1046.395081] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1046.395086] *** Control State *** [ 1046.395096] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1046.395104] EntryControls=0000d1ff ExitControls=002fefff 16:53:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}}, 0x1c) [ 1046.395123] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1046.423432] IPVS: ftp: loaded support on port[0] = 21 [ 1046.459083] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1046.490527] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1046.497117] reason=80000021 qualification=0000000000000000 [ 1046.497125] IDTVectoring: info=00000000 errcode=00000000 [ 1046.497132] TSC Offset = 0xfffffdcdcde68231 [ 1046.497142] EPT pointer = 0x000000018417101e [ 1046.497211] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1046.497220] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1046.497229] reason=80000021 qualification=0000000000000000 [ 1046.497236] IDTVectoring: info=00000000 errcode=00000000 [ 1046.497248] TSC Offset = 0xfffffdcdcef5f67c [ 1046.510626] EPT pointer = 0x0000000188f4d01e 16:53:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}}, 0x1c) 16:53:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1046.649844] *** Guest State *** [ 1046.653154] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1046.689427] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:53:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}}, 0x1c) [ 1046.703368] CR3 = 0x0000000000000000 [ 1046.707102] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1046.717359] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1046.724603] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1046.731718] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1046.740232] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1046.766135] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1046.778122] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1046.782305] *** Guest State *** [ 1046.790040] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1046.797351] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1046.804624] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1046.810242] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1046.816903] CR3 = 0x0000000000000000 [ 1046.828462] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1046.835344] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1046.836610] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1046.843909] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1046.849602] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1046.859036] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1046.873216] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.888233] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.896462] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1046.901912] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1046.914917] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1046.923348] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1046.931063] Interruptibility = 00000000 ActivityState = 00000000 [ 1046.937497] *** Host State *** [ 1046.938664] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.940947] RIP = 0xffffffff812047de RSP = 0xffff88817bab7390 [ 1046.949286] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1046.954915] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1046.963277] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1046.969491] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1046.969505] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1046.969521] CR0=0000000080050033 CR3=000000017a645000 CR4=00000000001426f0 [ 1046.969537] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1046.969550] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1046.978318] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1046.992005] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1047.005570] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1047.011447] *** Control State *** [ 1047.019791] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1047.027531] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1047.037152] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1047.047207] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1047.053905] EntryControls=0000d1ff ExitControls=002fefff [ 1047.061190] Interruptibility = 00000000 ActivityState = 00000000 [ 1047.068318] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1047.073886] *** Host State *** [ 1047.087319] RIP = 0xffffffff812047de RSP = 0xffff8881799af390 [ 1047.096297] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1047.103396] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1047.103523] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:53:12 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(0x0, 0x0, 0x2) 16:53:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}, 0x1c) [ 1047.121962] reason=80000021 qualification=0000000000000000 [ 1047.122434] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1047.128524] IDTVectoring: info=00000000 errcode=00000000 [ 1047.141965] TSC Offset = 0xfffffdcdcef5f67c [ 1047.146511] EPT pointer = 0x0000000188f4d01e [ 1047.170144] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1047.181529] CR0=0000000080050033 CR3=0000000184464000 CR4=00000000001426f0 [ 1047.195228] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 16:53:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803]}}, 0x1c) 16:53:12 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1047.220538] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1047.224073] IPVS: ftp: loaded support on port[0] = 21 [ 1047.248279] *** Control State *** [ 1047.261114] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1047.275940] EntryControls=0000d1ff ExitControls=002fefff [ 1047.293503] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1047.311248] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1047.318742] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1047.325609] reason=80000021 qualification=0000000000000000 [ 1047.332473] IDTVectoring: info=00000000 errcode=00000000 [ 1047.338810] TSC Offset = 0xfffffdcd5a0b3d8f [ 1047.343360] EPT pointer = 0x00000001ba61201e [ 1047.369080] *** Guest State *** [ 1047.378719] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1047.398001] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1047.416203] CR3 = 0x0000000000000000 [ 1047.423921] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1047.430554] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1047.437638] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1047.445760] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1047.454345] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1047.463194] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1047.482661] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1047.510844] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1047.531970] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1047.544816] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1047.564438] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1047.586768] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1047.594982] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1047.603177] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1047.609766] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1047.617339] Interruptibility = 00000000 ActivityState = 00000000 [ 1047.624128] *** Host State *** [ 1047.627450] RIP = 0xffffffff812047de RSP = 0xffff88817de87390 [ 1047.633619] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1047.640199] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1047.648162] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1047.654147] CR0=0000000080050033 CR3=000000017a645000 CR4=00000000001426f0 [ 1047.661373] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1047.668240] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1047.674395] *** Control State *** [ 1047.677937] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1047.684936] EntryControls=0000d1ff ExitControls=002fefff [ 1047.690671] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1047.697750] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1047.705471] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1047.712414] reason=80000021 qualification=0000000000000000 [ 1047.719020] IDTVectoring: info=00000000 errcode=00000000 [ 1047.724607] TSC Offset = 0xfffffdcd0b3ff82e [ 1047.729277] EPT pointer = 0x00000001bc4fe01e [ 1047.778514] *** Guest State *** [ 1047.781999] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1047.791500] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1047.800863] CR3 = 0x0000000000000000 [ 1047.804798] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1047.811320] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1047.817516] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1047.824718] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1047.834298] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1047.842763] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1047.851368] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1047.859884] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1047.868403] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1047.876586] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1047.885088] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1047.893578] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1047.902033] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1047.910511] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1047.917144] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1047.925122] Interruptibility = 00000000 ActivityState = 00000000 [ 1047.931817] *** Host State *** [ 1047.935234] RIP = 0xffffffff812047de RSP = 0xffff8881d7217390 [ 1047.941747] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1047.948682] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1047.956750] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1047.964225] CR0=0000000080050033 CR3=000000017a645000 CR4=00000000001426f0 [ 1047.971856] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1047.979021] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1047.985523] *** Control State *** [ 1047.989611] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1047.996561] EntryControls=0000d1ff ExitControls=002fefff [ 1048.002520] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1048.009930] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1048.016819] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1048.024098] reason=80000021 qualification=0000000000000000 [ 1048.030946] IDTVectoring: info=00000000 errcode=00000000 [ 1048.036614] TSC Offset = 0xfffffdcd0b3ff82e [ 1048.041527] EPT pointer = 0x00000001bc4fe01e 16:53:13 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x0, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:13 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000]}}, 0x1c) 16:53:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1048.991682] IPVS: ftp: loaded support on port[0] = 21 [ 1049.020514] *** Guest State *** [ 1049.023827] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1049.043152] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1049.056794] CR3 = 0x0000000000000000 [ 1049.060982] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1049.067121] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1049.073310] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1049.080377] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.088651] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.096793] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1049.096810] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.113216] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.121452] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1049.129750] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1049.129791] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1049.146103] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1049.154310] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1049.162476] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1049.169122] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1049.176755] Interruptibility = 00000000 ActivityState = 00000000 [ 1049.183194] *** Host State *** [ 1049.183214] RIP = 0xffffffff812047de RSP = 0xffff888182fc7390 [ 1049.192613] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1049.199194] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1049.199208] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1049.199223] CR0=0000000080050033 CR3=00000001cec8b000 CR4=00000000001426e0 [ 1049.199238] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1049.213142] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1049.226965] *** Control State *** [ 1049.236571] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1049.243555] EntryControls=0000d1ff ExitControls=002fefff [ 1049.249215] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1049.256334] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1049.263238] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1049.270042] reason=80000021 qualification=0000000000000000 [ 1049.276567] IDTVectoring: info=00000000 errcode=00000000 [ 1049.276579] TSC Offset = 0xfffffdcc2d726d40 [ 1049.286534] EPT pointer = 0x00000001bd28301e 16:53:14 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x0) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:14 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(0x0, 0x0, 0x2) 16:53:14 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}}, 0x1c) 16:53:14 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x0, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1049.444901] IPVS: ftp: loaded support on port[0] = 21 16:53:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}}, 0x1c) [ 1049.467229] *** Guest State *** [ 1049.471714] IPVS: ftp: loaded support on port[0] = 21 [ 1049.485159] IPVS: ftp: loaded support on port[0] = 21 [ 1049.510980] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1049.511489] *** Guest State *** [ 1049.539602] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1049.579939] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1049.590013] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1049.599998] CR3 = 0x0000000000000000 [ 1049.604720] CR3 = 0x0000000000000000 [ 1049.609428] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1049.617846] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1049.655492] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1049.664842] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1049.664856] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1049.682756] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1049.689753] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}}, 0x1c) [ 1049.698614] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1049.713374] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.730789] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1049.740237] DS: sel=0x0000, attr=0x040d1, limit=0x00100000, base=0x0000000000000000 [ 1049.753051] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1049.764620] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1049.777474] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000]}}, 0x1c) [ 1049.801178] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1049.810770] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1049.819011] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1049.835491] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1049.864512] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1049.875133] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1049.885708] IDTR: limit=0x00000001, base=0x0000000000105000 16:53:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}}, 0x1c) [ 1049.911448] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1049.919892] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1049.926741] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1049.937580] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1049.941651] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1049.964511] Interruptibility = 00000000 ActivityState = 00000000 [ 1049.983925] *** Host State *** [ 1049.988563] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1049.996551] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1049.996563] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:53:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000]}}, 0x1c) [ 1049.996590] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1049.996600] Interruptibility = 00000000 ActivityState = 00000000 [ 1049.996605] *** Host State *** [ 1049.996620] RIP = 0xffffffff812047de RSP = 0xffff888182fc7390 [ 1050.044253] RIP = 0xffffffff812047de RSP = 0xffff88817ac37390 [ 1050.059069] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1050.073706] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1050.091442] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1050.103966] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1050.105493] CR0=0000000080050033 CR3=00000001cd9d4000 CR4=00000000001426f0 16:53:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}, 0x1c) [ 1050.110879] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1050.123394] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1050.125897] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1050.135017] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1050.138431] CR0=0000000080050033 CR3=00000001cb58f000 CR4=00000000001426f0 [ 1050.148609] *** Control State *** [ 1050.155756] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1050.163224] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1050.170522] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1050.176886] *** Control State *** [ 1050.180429] EntryControls=0000d1ff ExitControls=002fefff [ 1050.180446] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1050.180456] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1050.180466] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1050.180475] reason=80000021 qualification=0000000000000000 [ 1050.213097] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1050.220087] EntryControls=0000d1ff ExitControls=002fefff [ 1050.225584] IDTVectoring: info=00000000 errcode=00000000 [ 1050.225818] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1050.233805] TSC Offset = 0xfffffdcbebe4c055 [ 1050.238682] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1050.250584] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1050.260296] EPT pointer = 0x00000001d2dbf01e [ 1050.270752] reason=80000021 qualification=0000000000000000 [ 1050.277076] IDTVectoring: info=00000000 errcode=00000000 [ 1050.285288] TSC Offset = 0xfffffdcbebce1558 [ 1050.289969] EPT pointer = 0x0000000183fe701e 16:53:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:17 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x0) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:17 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x0, 0x4, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:17 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(0x0, 0x0, 0x2) 16:53:17 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401]}}, 0x1c) 16:53:17 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x0, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:17 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5]}}, 0x1c) [ 1052.567329] *** Guest State *** [ 1052.604766] *** Guest State *** [ 1052.618260] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1052.622964] IPVS: ftp: loaded support on port[0] = 21 [ 1052.646659] IPVS: ftp: loaded support on port[0] = 21 [ 1052.652140] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1052.684622] IPVS: ftp: loaded support on port[0] = 21 [ 1052.700593] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1052.731193] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1052.758002] CR3 = 0x0000000000000000 [ 1052.760012] CR3 = 0x0000000000000000 [ 1052.766845] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1052.768151] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1052.782538] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1052.796632] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:53:17 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}}, 0x1c) [ 1052.827638] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1052.831346] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1052.848374] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1052.858282] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1052.883438] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1052.908343] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1052.916556] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1052.926700] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1052.940899] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1052.954924] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000000000 [ 1052.963282] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1052.972349] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:53:18 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000]}}, 0x1c) [ 1052.988456] GS: sel=0x000d, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1052.996491] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1052.996513] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1052.996528] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1053.023110] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1053.046687] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1053.071077] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1053.094639] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1053.103179] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1053.120542] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1053.129407] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:53:18 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}}, 0x1c) [ 1053.144232] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1053.154395] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1053.168154] Interruptibility = 00000000 ActivityState = 00000000 [ 1053.169355] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1053.203974] Interruptibility = 00000000 ActivityState = 00000000 [ 1053.227549] *** Host State *** [ 1053.237952] RIP = 0xffffffff812047de RSP = 0xffff8881d45ef390 [ 1053.239711] *** Host State *** [ 1053.251523] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1053.258247] RIP = 0xffffffff812047de RSP = 0xffff88817b06f390 [ 1053.266846] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1053.281893] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1053.281905] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1053.299879] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1053.320182] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1053.326916] CR0=0000000080050033 CR3=00000001d4e43000 CR4=00000000001426e0 16:53:18 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffff7]}}, 0x1c) [ 1053.348792] CR0=0000000080050033 CR3=00000001c061b000 CR4=00000000001426f0 [ 1053.357999] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1053.372832] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1053.382044] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1053.388422] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1053.396272] *** Control State *** [ 1053.400224] *** Control State *** [ 1053.406454] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1053.414465] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1053.428115] EntryControls=0000d1ff ExitControls=002fefff [ 1053.433766] EntryControls=0000d1ff ExitControls=002fefff [ 1053.445059] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1053.453345] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1053.467179] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1053.474078] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1053.487728] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1053.495632] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1053.509301] reason=80000021 qualification=0000000000000000 [ 1053.515813] reason=80000021 qualification=0000000000000000 [ 1053.529040] IDTVectoring: info=00000000 errcode=00000000 [ 1053.535822] IDTVectoring: info=00000000 errcode=00000000 [ 1053.547627] TSC Offset = 0xfffffdca45deb8c6 [ 1053.553335] TSC Offset = 0xfffffdca441b113b [ 1053.561685] EPT pointer = 0x00000001c3ce801e [ 1053.568530] EPT pointer = 0x00000001ab70c01e 16:53:18 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x0, 0x19, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1053.729166] *** Guest State *** [ 1053.741684] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1053.780756] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1053.816436] CR3 = 0x0000000000000000 [ 1053.831327] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1053.838791] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1053.838925] *** Guest State *** [ 1053.844813] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1053.844827] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1053.844844] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1053.858371] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1053.907171] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1053.924374] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1053.926656] CR3 = 0x0000000000000000 [ 1053.945409] ES: sel=0x0019, attr=0x10000, limit=0x00000000, base=0x0000000000006004 [ 1053.956184] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1053.963913] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1053.970430] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1053.980295] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1053.982732] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1053.999539] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1054.015540] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1054.023499] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1054.047854] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1054.047911] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1054.083721] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1054.087910] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1054.101509] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1054.118939] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1054.128364] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1054.144378] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1054.155058] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1054.168999] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1054.180538] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1054.193807] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1054.207766] Interruptibility = 00000000 ActivityState = 00000000 [ 1054.217669] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1054.229917] *** Host State *** [ 1054.237698] RIP = 0xffffffff812047de RSP = 0xffff88817c857390 [ 1054.245148] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1054.257396] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1054.263923] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1054.272132] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1054.290140] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1054.304196] CR0=0000000080050033 CR3=00000001c061b000 CR4=00000000001426e0 [ 1054.321505] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1054.328480] Interruptibility = 00000000 ActivityState = 00000000 [ 1054.334807] *** Host State *** [ 1054.338004] RIP = 0xffffffff812047de RSP = 0xffff888189567390 [ 1054.351988] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1054.361614] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1054.372754] *** Control State *** [ 1054.379552] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1054.389750] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1054.403291] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1054.410506] EntryControls=0000d1ff ExitControls=002fefff [ 1054.424769] CR0=0000000080050033 CR3=000000017fb16000 CR4=00000000001426e0 [ 1054.433314] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1054.448355] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1054.455184] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1054.468732] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1054.476091] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1054.488546] *** Control State *** [ 1054.494443] reason=80000021 qualification=0000000000000000 [ 1054.503329] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1054.515765] IDTVectoring: info=00000000 errcode=00000000 [ 1054.523746] EntryControls=0000d1ff ExitControls=002fefff [ 1054.541629] TSC Offset = 0xfffffdc9a6c0769b [ 1054.548487] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1054.557811] EPT pointer = 0x00000001c2cb301e [ 1054.581094] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1054.618161] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1054.638167] reason=80000021 qualification=0000000000000000 [ 1054.644526] IDTVectoring: info=00000000 errcode=00000000 [ 1054.702737] TSC Offset = 0xfffffdc9957ffd5c [ 1054.717213] EPT pointer = 0x00000001c81f001e 16:53:21 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}, 0x1c) 16:53:21 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x0, 0x1000, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:21 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x0, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:21 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) 16:53:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}, 0x1c) [ 1056.945491] *** Guest State *** [ 1056.947504] IPVS: ftp: loaded support on port[0] = 21 [ 1056.952524] *** Guest State *** [ 1056.971871] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1056.996545] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1057.025170] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1057.034640] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:53:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000]}}, 0x1c) [ 1057.064838] IPVS: ftp: loaded support on port[0] = 21 [ 1057.074816] CR3 = 0x0000000000000000 [ 1057.089027] IPVS: ftp: loaded support on port[0] = 21 [ 1057.109591] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1057.120041] CR3 = 0x0000000000000000 [ 1057.132679] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1057.148679] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1057.168917] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1057.181643] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1057.187876] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}}, 0x1c) [ 1057.218557] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1057.225318] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1057.225338] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1057.245226] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1057.277744] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1057.305873] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 16:53:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0]}}, 0x1c) [ 1057.350857] ES: sel=0x0000, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1057.359157] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1057.367204] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1057.375479] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1057.384238] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1057.392564] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1057.407337] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1057.415635] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1057.424005] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1057.432439] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1057.446934] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1057.459748] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1057.466136] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1057.486298] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1057.498240] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:53:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}, 0x1c) [ 1057.508946] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1057.536846] Interruptibility = 00000000 ActivityState = 00000000 [ 1057.539712] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1057.572594] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1057.589417] *** Host State *** [ 1057.593072] RIP = 0xffffffff812047de RSP = 0xffff88817bbef390 [ 1057.599136] Interruptibility = 00000000 ActivityState = 00000000 [ 1057.599559] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1057.612363] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 16:53:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000]}}, 0x1c) [ 1057.620664] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1057.627012] CR0=0000000080050033 CR3=00000001cca3c000 CR4=00000000001426e0 [ 1057.633998] *** Host State *** [ 1057.634840] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1057.659309] RIP = 0xffffffff812047de RSP = 0xffff88817a9df390 [ 1057.686337] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1057.708394] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1057.714824] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1057.724888] *** Control State *** [ 1057.734045] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1057.741849] EntryControls=0000d1ff ExitControls=002fefff [ 1057.747581] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1057.753943] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1057.761655] CR0=0000000080050033 CR3=00000001c399a000 CR4=00000000001426e0 [ 1057.769116] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1057.782949] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1057.789977] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1057.804372] reason=80000021 qualification=0000000000000000 [ 1057.813496] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1057.828921] IDTVectoring: info=00000000 errcode=00000000 [ 1057.834616] *** Control State *** [ 1057.838511] TSC Offset = 0xfffffdc7ead765d3 [ 1057.843106] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1057.850260] EPT pointer = 0x000000017e59201e [ 1057.858237] EntryControls=0000d1ff ExitControls=002fefff [ 1057.868298] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1057.888488] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1057.903978] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1057.913285] reason=80000021 qualification=0000000000000000 [ 1057.926968] IDTVectoring: info=00000000 errcode=00000000 [ 1057.938377] TSC Offset = 0xfffffdc7ea696532 [ 1057.942811] EPT pointer = 0x00000001d225501e 16:53:24 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}, 0x1c) 16:53:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:24 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x0, 0x3, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:25 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) 16:53:25 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x0, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d]}}, 0x1c) [ 1060.057882] *** Guest State *** [ 1060.082553] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1060.093692] *** Guest State *** [ 1060.097006] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1060.113754] IPVS: ftp: loaded support on port[0] = 21 [ 1060.128235] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1060.145701] IPVS: ftp: loaded support on port[0] = 21 [ 1060.161632] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}}, 0x1c) [ 1060.218507] CR3 = 0x0000000000000000 [ 1060.224495] CR3 = 0x0000000000000000 [ 1060.236891] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1060.246781] IPVS: ftp: loaded support on port[0] = 21 [ 1060.257241] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1060.283006] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1060.296227] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1060.317098] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1060.333424] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1060.364718] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1060.381668] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1060.405883] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}}, 0x1c) [ 1060.439878] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1060.447900] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1060.447936] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1060.447957] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1060.447971] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1060.447990] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1060.448010] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1060.492073] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}}, 0x1c) [ 1060.555090] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1060.578197] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1060.595720] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1060.615699] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1060.660586] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1060.677419] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}}, 0x1c) [ 1060.703132] Interruptibility = 00000000 ActivityState = 00000000 [ 1060.718306] *** Host State *** [ 1060.721706] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1060.739457] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1060.747479] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1060.747493] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1060.747513] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1060.747523] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1060.747536] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1060.785573] RIP = 0xffffffff812047de RSP = 0xffff88817c107390 [ 1060.818669] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1060.827471] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1060.844541] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1060.857332] CR0=0000000080050033 CR3=00000001aca62000 CR4=00000000001426e0 16:53:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe800000]}}, 0x1c) [ 1060.874754] Interruptibility = 00000000 ActivityState = 00000000 [ 1060.882367] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1060.908103] *** Host State *** [ 1060.911316] RIP = 0xffffffff812047de RSP = 0xffff8881b977f390 [ 1060.917330] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1060.923802] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1060.923808] *** Control State *** [ 1060.923817] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1060.923825] EntryControls=0000d1ff ExitControls=002fefff [ 1060.923838] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1060.975470] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1061.008387] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1061.015093] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1061.022456] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1061.036354] CR0=0000000080050033 CR3=00000001c7b29000 CR4=00000000001426e0 [ 1061.045794] reason=80000021 qualification=0000000000000000 [ 1061.058176] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1061.059104] IDTVectoring: info=00000000 errcode=00000000 [ 1061.066175] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1061.078174] *** Control State *** [ 1061.081773] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1061.093090] TSC Offset = 0xfffffdc63facc242 [ 1061.103099] EntryControls=0000d1ff ExitControls=002fefff [ 1061.108961] EPT pointer = 0x000000017c1e901e [ 1061.121456] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1061.129973] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1061.136786] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1061.143819] reason=80000021 qualification=0000000000000000 [ 1061.150615] IDTVectoring: info=00000000 errcode=00000000 [ 1061.156225] TSC Offset = 0xfffffdc642298716 [ 1061.161680] EPT pointer = 0x00000001c271c01e 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}}, 0x1c) 16:53:28 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x0, 0x7ff00, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:28 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:28 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) 16:53:28 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0x0, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}}, 0x1c) [ 1063.168836] *** Guest State *** [ 1063.180506] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1063.180931] *** Guest State *** [ 1063.231763] IPVS: ftp: loaded support on port[0] = 21 [ 1063.242802] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1063.254717] IPVS: ftp: loaded support on port[0] = 21 [ 1063.285560] CR3 = 0x0000000000000000 [ 1063.291974] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1063.302307] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1063.328720] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1063.346651] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1063.357368] IPVS: ftp: loaded support on port[0] = 21 [ 1063.366270] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}}, 0x1c) [ 1063.369444] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1063.394654] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1063.418624] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1063.444198] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1063.483903] CR3 = 0x0000000000000000 [ 1063.487636] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1063.506062] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1063.519224] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1063.527686] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1063.538431] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff5]}}, 0x1c) [ 1063.559748] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1063.594181] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1063.602804] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1063.632552] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1063.636844] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1063.662078] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80fe]}}, 0x1c) [ 1063.685399] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1063.694484] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1063.708230] Interruptibility = 00000000 ActivityState = 00000000 [ 1063.728787] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1063.735617] *** Host State *** [ 1063.742944] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1063.769448] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:53:28 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1063.782238] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1063.798253] RIP = 0xffffffff812047de RSP = 0xffff8881d9707390 [ 1063.808225] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1063.816550] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1063.827508] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 16:53:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}}, 0x1c) [ 1063.836066] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1063.844505] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1063.850848] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1063.859247] CR0=0000000080050033 CR3=00000001cec8b000 CR4=00000000001426e0 [ 1063.871299] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1063.880315] IPVS: ftp: loaded support on port[0] = 21 [ 1063.880811] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1063.899460] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1063.912849] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1063.921124] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1063.941003] *** Control State *** [ 1063.947122] Interruptibility = 00000000 ActivityState = 00000000 [ 1063.956217] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1063.964935] *** Host State *** [ 1063.968884] EntryControls=0000d1ff ExitControls=002fefff [ 1063.974597] RIP = 0xffffffff812047de RSP = 0xffff8881896bf390 [ 1063.980985] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:53:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000]}}, 0x1c) [ 1063.988841] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1063.995590] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1064.003396] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1064.019514] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1064.028820] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1064.038470] reason=80000021 qualification=0000000000000000 [ 1064.047753] CR0=0000000080050033 CR3=000000017f1cc000 CR4=00000000001426f0 [ 1064.067723] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1064.068896] IDTVectoring: info=00000000 errcode=00000000 [ 1064.084928] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1064.096146] *** Control State *** [ 1064.103636] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1064.123320] TSC Offset = 0xfffffdc49714ec28 [ 1064.125791] EntryControls=0000d1ff ExitControls=002fefff [ 1064.127653] EPT pointer = 0x00000001aff4101e [ 1064.143542] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1064.165038] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1064.186007] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1064.193103] reason=80000021 qualification=0000000000000000 [ 1064.199844] IDTVectoring: info=00000000 errcode=00000000 [ 1064.205586] TSC Offset = 0xfffffdc494f93885 [ 1064.210664] EPT pointer = 0x0000000171d5c01e 16:53:29 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff]}}, 0x1c) 16:53:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1064.374319] *** Guest State *** [ 1064.382189] *** Guest State *** [ 1064.385808] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1064.395003] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1064.404474] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1064.413655] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1064.422979] CR3 = 0x0000000000000000 [ 1064.427591] CR3 = 0x0000000000000000 [ 1064.431650] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1064.437870] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1064.444236] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1064.450519] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1064.457456] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1064.463719] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1064.471980] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1064.479074] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1064.489350] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1064.497581] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1064.506063] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1064.514503] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1064.522862] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1064.522882] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1064.531290] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1064.547252] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1064.555531] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1064.555659] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1064.571946] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1064.578870] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1064.580322] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1064.588010] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1064.596233] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1064.612330] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1064.619114] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1064.626927] Interruptibility = 00000000 ActivityState = 00000000 [ 1064.633536] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1064.633552] *** Host State *** [ 1064.645050] RIP = 0xffffffff812047de RSP = 0xffff888189227390 [ 1064.651465] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1064.658343] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1064.658367] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1064.666330] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1064.666342] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1064.666354] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1064.666364] Interruptibility = 00000000 ActivityState = 00000000 [ 1064.666369] *** Host State *** [ 1064.666381] RIP = 0xffffffff812047de RSP = 0xffff888183c9f390 [ 1064.666404] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1064.666416] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1064.666432] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1064.674537] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1064.716431] CR0=0000000080050033 CR3=0000000182e1c000 CR4=00000000001426e0 [ 1064.718338] CR0=0000000080050033 CR3=00000001d311a000 CR4=00000000001426e0 [ 1064.730862] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1064.739030] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1064.745558] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1064.760267] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1064.765946] *** Control State *** [ 1064.771890] *** Control State *** [ 1064.778566] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1064.781505] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1064.785051] EntryControls=0000d1ff ExitControls=002fefff [ 1064.791838] EntryControls=0000d1ff ExitControls=002fefff [ 1064.798638] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1064.798647] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1064.798661] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1064.812075] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1064.816730] reason=80000021 qualification=0000000000000000 [ 1064.831080] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1064.838208] IDTVectoring: info=00000000 errcode=00000000 [ 1064.844320] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1064.850504] TSC Offset = 0xfffffdc3f158346c [ 1064.856209] reason=80000021 qualification=0000000000000000 [ 1064.862662] EPT pointer = 0x00000001cf36d01e [ 1064.867510] IDTVectoring: info=00000000 errcode=00000000 [ 1064.888185] TSC Offset = 0xfffffdc3f1140de4 [ 1064.892631] EPT pointer = 0x00000001c076c01e [ 1064.929211] *** Guest State *** [ 1064.932504] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1064.964648] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1064.975097] CR3 = 0x0000000000000000 [ 1064.979348] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1064.985553] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1064.991989] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1064.999682] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1065.007838] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1065.016322] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1065.024763] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1065.033227] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1065.041770] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1065.050202] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1065.058769] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1065.066972] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1065.075420] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1065.083833] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1065.090666] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1065.099983] Interruptibility = 00000000 ActivityState = 00000000 [ 1065.106459] *** Host State *** [ 1065.110162] RIP = 0xffffffff812047de RSP = 0xffff88818945f390 [ 1065.116355] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1065.123210] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1065.131486] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1065.137563] CR0=0000000080050033 CR3=00000001d311a000 CR4=00000000001426f0 [ 1065.145093] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1065.152198] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1065.158719] *** Control State *** [ 1065.162409] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1065.169554] EntryControls=0000d1ff ExitControls=002fefff [ 1065.175195] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1065.182601] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1065.189726] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1065.196446] reason=80000021 qualification=0000000000000000 [ 1065.202974] IDTVectoring: info=00000000 errcode=00000000 [ 1065.208594] TSC Offset = 0xfffffdc3f1140de4 [ 1065.212973] EPT pointer = 0x00000001c076c01e 16:53:31 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) [ 1066.178544] IPVS: ftp: loaded support on port[0] = 21 16:53:31 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0x0, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, 0x1c) 16:53:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:31 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x0, 0xac6a, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:31 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) [ 1066.366366] IPVS: ftp: loaded support on port[0] = 21 [ 1066.378901] *** Guest State *** [ 1066.380020] *** Guest State *** [ 1066.385462] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1066.385478] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1066.385486] CR3 = 0x0000000000000000 [ 1066.385499] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1066.396740] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1066.418285] IPVS: ftp: loaded support on port[0] = 21 [ 1066.436222] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1066.458357] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1066.465094] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1066.496068] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1066.505166] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1066.514054] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1066.522600] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1066.542288] CR3 = 0x0000000000000000 [ 1066.542301] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1066.547253] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1066.569239] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1066.575271] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1066.594957] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1066.604525] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1066.618503] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1066.626505] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1066.626520] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1066.626540] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1066.626552] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1066.626564] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1066.626578] Interruptibility = 00000000 ActivityState = 00000000 [ 1066.634786] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1066.692074] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1066.709999] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1066.715567] *** Host State *** [ 1066.729074] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1066.744155] RIP = 0xffffffff812047de RSP = 0xffff8881afe27390 [ 1066.753844] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1066.762460] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1066.768270] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1066.777244] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1066.785789] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1066.785864] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1066.794585] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1066.810540] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1066.817204] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1066.825247] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1066.825764] Interruptibility = 00000000 ActivityState = 00000000 [ 1066.848588] *** Host State *** [ 1066.851988] CR0=0000000080050033 CR3=000000017de43000 CR4=00000000001426f0 [ 1066.859570] RIP = 0xffffffff812047de RSP = 0xffff888184b97390 16:53:31 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:31 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) 16:53:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}}, 0x1c) [ 1066.870605] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1066.878914] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1066.886699] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1066.901896] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1066.908493] *** Control State *** [ 1066.914806] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1066.924916] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1066.933015] CR0=0000000080050033 CR3=00000001cd870000 CR4=00000000001426e0 [ 1066.940606] EntryControls=0000d1ff ExitControls=002fefff [ 1066.946503] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1066.953723] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1066.957244] IPVS: ftp: loaded support on port[0] = 21 [ 1066.961206] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 16:53:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000]}}, 0x1c) [ 1066.973564] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1066.980865] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1066.987797] *** Control State *** [ 1066.993656] IPVS: ftp: loaded support on port[0] = 21 [ 1066.995149] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1067.009232] reason=80000021 qualification=0000000000000000 [ 1067.020386] EntryControls=0000d1ff ExitControls=002fefff [ 1067.028775] IDTVectoring: info=00000000 errcode=00000000 [ 1067.049658] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1067.063469] TSC Offset = 0xfffffdc2dcb5a15e [ 1067.076088] EPT pointer = 0x00000001ceff601e [ 1067.081687] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1067.104370] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:53:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}, 0x1c) 16:53:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1067.137754] reason=80000021 qualification=0000000000000000 [ 1067.171654] IDTVectoring: info=00000000 errcode=00000000 [ 1067.210711] TSC Offset = 0xfffffdc2de3571f9 [ 1067.215089] EPT pointer = 0x000000017d2a301e 16:53:32 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1067.377674] *** Guest State *** [ 1067.392698] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1067.408375] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1067.417224] CR3 = 0x0000000000000000 [ 1067.422604] *** Guest State *** [ 1067.426633] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1067.436291] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1067.440239] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1067.445489] CR3 = 0x0000000000000000 [ 1067.455467] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1067.461980] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1067.468903] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1067.475887] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1067.478162] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1067.484208] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1067.499510] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1067.501171] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1067.507814] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1067.524289] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1067.532535] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1067.532773] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1067.549373] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1067.557739] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1067.558166] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1067.566092] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1067.582404] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1067.590850] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1067.592908] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1067.597587] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1067.613315] Interruptibility = 00000000 ActivityState = 00000000 [ 1067.620059] *** Host State *** [ 1067.623575] RIP = 0xffffffff812047de RSP = 0xffff88817cdb7390 [ 1067.625484] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1067.631118] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1067.644572] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1067.648100] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1067.652744] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1067.666717] CR0=0000000080050033 CR3=00000001d91b7000 CR4=00000000001426f0 [ 1067.674240] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1067.674913] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1067.681239] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1067.695558] *** Control State *** [ 1067.699496] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1067.706488] EntryControls=0000d1ff ExitControls=002fefff [ 1067.710346] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1067.712269] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1067.727286] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1067.734418] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1067.735669] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1067.741369] reason=80000021 qualification=0000000000000000 [ 1067.755917] IDTVectoring: info=00000000 errcode=00000000 [ 1067.763093] TSC Offset = 0xfffffdc24bd180a3 [ 1067.767674] EPT pointer = 0x00000001d1dc501e [ 1067.769244] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1067.780506] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1067.788931] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1067.795437] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1067.798217] *** Guest State *** [ 1067.803263] Interruptibility = 00000000 ActivityState = 00000000 [ 1067.807634] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1067.812945] *** Host State *** [ 1067.825053] RIP = 0xffffffff812047de RSP = 0xffff8881d9207390 [ 1067.831473] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1067.837965] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1067.841361] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1067.846267] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1067.861022] CR0=0000000080050033 CR3=00000001ccc66000 CR4=00000000001426f0 [ 1067.868251] CR3 = 0x0000000000000000 [ 1067.872028] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1067.878003] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1067.884396] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1067.891391] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1067.897450] *** Control State *** [ 1067.901269] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1067.907990] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1067.916288] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1067.923274] EntryControls=0000d1ff ExitControls=002fefff [ 1067.929173] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1067.937186] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1067.945520] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1067.952728] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1067.959687] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1067.966269] reason=80000021 qualification=0000000000000000 [ 1067.973056] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1067.981388] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1067.989385] IDTVectoring: info=00000000 errcode=00000000 [ 1067.989393] TSC Offset = 0xfffffdc2588c654f [ 1067.989402] EPT pointer = 0x00000001d89bb01e [ 1067.996034] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1068.012300] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1068.020871] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1068.029203] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1068.037221] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1068.045595] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1068.052490] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1068.060376] Interruptibility = 00000000 ActivityState = 00000000 [ 1068.066636] *** Host State *** [ 1068.072292] RIP = 0xffffffff812047de RSP = 0xffff88817a9df390 [ 1068.079778] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1068.086260] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1068.095612] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1068.101885] CR0=0000000080050033 CR3=00000001d91b7000 CR4=00000000001426f0 [ 1068.109260] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1068.115998] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1068.122458] *** Control State *** [ 1068.125956] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1068.133067] EntryControls=0000d1ff ExitControls=002fefff [ 1068.138921] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1068.145884] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1068.152909] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1068.159957] reason=80000021 qualification=0000000000000000 [ 1068.166335] IDTVectoring: info=00000000 errcode=00000000 [ 1068.172192] TSC Offset = 0xfffffdc24bd180a3 [ 1068.176557] EPT pointer = 0x00000001d1dc501e 16:53:34 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0x0, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e8]}}, 0x1c) 16:53:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:34 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x0, 0x1, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000]}}, 0x1c) [ 1069.455954] *** Guest State *** [ 1069.468760] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1069.476077] *** Guest State *** [ 1069.489476] IPVS: ftp: loaded support on port[0] = 21 [ 1069.501515] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1069.504100] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1069.513198] CR3 = 0x0000000000000000 [ 1069.522021] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1069.542584] CR3 = 0x0000000000000000 [ 1069.549006] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1069.549509] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1069.565599] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1069.576994] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1069.601482] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1069.601674] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1069.622727] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1069.634652] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1069.635746] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1069.651064] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1069.664170] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1069.678365] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1069.685675] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1069.694672] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1069.708927] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1069.710032] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1069.725258] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1069.743083] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1069.744146] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1069.751516] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1069.767501] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1069.775930] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1069.776157] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1069.784455] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1069.800419] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1069.809168] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1069.817256] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1069.825153] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1069.831988] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1069.840866] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1069.848711] Interruptibility = 00000000 ActivityState = 00000000 [ 1069.855069] *** Host State *** [ 1069.858751] RIP = 0xffffffff812047de RSP = 0xffff8881d9707390 [ 1069.864858] Interruptibility = 00000000 ActivityState = 00000000 [ 1069.872526] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1069.879339] *** Host State *** [ 1069.882669] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1069.890879] RIP = 0xffffffff812047de RSP = 0xffff88817a9df390 [ 1069.897027] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1069.903315] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 16:53:34 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}}, 0x1c) [ 1069.911144] CR0=0000000080050033 CR3=000000017f552000 CR4=00000000001426f0 [ 1069.918847] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1069.925675] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1069.933900] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1069.940347] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1069.946387] *** Control State *** [ 1069.950359] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1069.967178] CR0=0000000080050033 CR3=00000001d47b3000 CR4=00000000001426e0 [ 1069.980417] EntryControls=0000d1ff ExitControls=002fefff [ 1070.004826] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:53:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}}, 0x1c) 16:53:35 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/11, 0x10158) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000540)="e91f7189591e9233614b00", 0x10a) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)="e91f7189591e9233614b00", 0x0, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000780)='./file0/../file0\x00', 0x0, 0x0) ioctl$FIONREAD(r2, 0x541b, 0x0) [ 1070.027767] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1070.055402] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1070.072607] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1070.081828] IPVS: ftp: loaded support on port[0] = 21 [ 1070.092984] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1070.099923] *** Control State *** [ 1070.106407] reason=80000021 qualification=0000000000000000 [ 1070.113310] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1070.138809] IDTVectoring: info=00000000 errcode=00000000 [ 1070.144338] TSC Offset = 0xfffffdc1366b4033 [ 1070.149103] EntryControls=0000d1ff ExitControls=002fefff [ 1070.154634] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1070.178326] EPT pointer = 0x00000001ccfa401e 16:53:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe]}}, 0x1c) [ 1070.187559] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1070.195535] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1070.231800] reason=80000021 qualification=0000000000000000 16:53:35 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1070.273895] IDTVectoring: info=00000000 errcode=00000000 [ 1070.304364] TSC Offset = 0xfffffdc136932323 [ 1070.322227] EPT pointer = 0x00000001bf9bc01e 16:53:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000]}}, 0x1c) [ 1070.444813] *** Guest State *** [ 1070.457917] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1070.469950] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1070.479368] CR3 = 0x0000000000000000 [ 1070.483275] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1070.489845] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1070.496022] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1070.503734] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1070.512186] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1070.520707] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1070.529152] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1070.538590] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1070.546914] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1070.555440] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1070.563904] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1070.572438] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1070.582047] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1070.591804] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1070.598745] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1070.606457] Interruptibility = 00000000 ActivityState = 00000000 [ 1070.613154] *** Host State *** [ 1070.616565] RIP = 0xffffffff812047de RSP = 0xffff888179dcf390 [ 1070.623062] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1070.630034] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1070.638355] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1070.644484] CR0=0000000080050033 CR3=00000001d9691000 CR4=00000000001426e0 [ 1070.651982] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1070.659271] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1070.665569] *** Control State *** [ 1070.669535] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1070.676435] EntryControls=0000d1ff ExitControls=002fefff [ 1070.682392] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1070.689821] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1070.696702] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1070.703817] reason=80000021 qualification=0000000000000000 [ 1070.710621] IDTVectoring: info=00000000 errcode=00000000 [ 1070.716348] TSC Offset = 0xfffffdc0b0282437 [ 1070.722315] EPT pointer = 0x00000001d8fa701e [ 1070.778194] *** Guest State *** [ 1070.781829] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1070.791380] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1070.800758] CR3 = 0x0000000000000000 [ 1070.804839] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1070.811414] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1070.817657] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1070.824903] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1070.833556] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1070.842121] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1070.851851] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1070.860493] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1070.876516] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1070.888317] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1070.896589] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1070.905171] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1070.913701] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1070.922230] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1070.929203] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1070.939306] Interruptibility = 00000000 ActivityState = 00000000 [ 1070.947040] *** Host State *** [ 1070.951735] RIP = 0xffffffff812047de RSP = 0xffff8881896bf390 [ 1070.964917] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1070.972503] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1070.984206] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1070.997377] CR0=0000000080050033 CR3=00000001d9691000 CR4=00000000001426f0 [ 1071.007884] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1071.015163] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1071.021820] *** Control State *** [ 1071.025507] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1071.032714] EntryControls=0000d1ff ExitControls=002fefff [ 1071.038887] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1071.046031] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1071.053206] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1071.060264] reason=80000021 qualification=0000000000000000 [ 1071.066832] IDTVectoring: info=00000000 errcode=00000000 [ 1071.072827] TSC Offset = 0xfffffdc0b0282437 [ 1071.077406] EPT pointer = 0x00000001d8fa701e 16:53:37 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:37 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf401]}}, 0x1c) 16:53:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) inotify_init1(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000400)={{{@in=@local, @in6=@ipv4={[], [], @local}}}, {{@in=@broadcast}, 0x0, @in=@remote}}, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:53:37 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x0, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1072.539545] *** Guest State *** [ 1072.548968] *** Guest State *** [ 1072.552312] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1072.562469] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1072.571642] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1072.578484] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1072.591682] IPVS: ftp: loaded support on port[0] = 21 [ 1072.600445] CR3 = 0x0000000000000000 [ 1072.607843] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1072.612799] CR3 = 0x0000000000000000 [ 1072.623331] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1072.624990] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1072.636845] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1072.653029] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1072.667567] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1072.676271] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1072.680718] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1072.707824] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1072.716757] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1072.734367] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1072.748371] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1072.756487] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1072.767137] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1072.784297] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1072.795951] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1072.825727] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1072.837214] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1072.856865] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1072.866352] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1072.879692] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1072.888650] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1072.895425] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1072.903674] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1072.912583] Interruptibility = 00000000 ActivityState = 00000000 [ 1072.920777] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1072.929574] *** Host State *** [ 1072.933149] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1072.942020] RIP = 0xffffffff812047de RSP = 0xffff88817c607390 [ 1072.948802] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1072.955688] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1072.964532] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1072.973202] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1072.982008] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1072.988804] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1072.995632] CR0=0000000080050033 CR3=00000001ce65d000 CR4=00000000001426f0 16:53:38 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}}, 0x1c) [ 1073.021046] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1073.035774] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1073.044034] Interruptibility = 00000000 ActivityState = 00000000 [ 1073.050962] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1073.067037] *** Host State *** 16:53:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}}, 0x1c) [ 1073.077213] RIP = 0xffffffff812047de RSP = 0xffff8881d9707390 [ 1073.090508] *** Control State *** [ 1073.098461] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1073.107103] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1073.142170] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1073.145069] EntryControls=0000d1ff ExitControls=002fefff [ 1073.174358] IPVS: ftp: loaded support on port[0] = 21 [ 1073.180522] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1073.208027] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1073.208642] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1073.221751] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1073.241455] reason=80000021 qualification=0000000000000000 [ 1073.249681] CR0=0000000080050033 CR3=00000001ccbeb000 CR4=00000000001426f0 16:53:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}}, 0x1c) [ 1073.257556] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1073.283858] IDTVectoring: info=00000000 errcode=00000000 [ 1073.304530] TSC Offset = 0xfffffdbf910cfcfd 16:53:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000013, &(0x7f0000000280)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup(r0) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") setsockopt$inet6_buf(r2, 0x29, 0x30, &(0x7f00000002c0)="3d026dfbba37a06149cc1e1d1331a2838ce996fc9311cd83411f1a5260b6ab20a588c019d8e53dc85ea2618dadc8e55f195f6a68233b873f6d861dd60f346de62168a7a4c049a437fa507639a3a02142f3813983a4624ea4bfcf95686d7887658b586e2b19d81fcb77affbe137969cd9c5273d48f8a8edb792604e4e1433b4789a467b6824311773fce36ef044bcbb11", 0x90) connect$unix(r1, 0x0, 0x0) [ 1073.310084] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1073.318431] EPT pointer = 0x00000001b79be01e [ 1073.339407] *** Control State *** [ 1073.378894] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 16:53:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}}, 0x1c) [ 1073.419203] EntryControls=0000d1ff ExitControls=002fefff [ 1073.424717] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1073.478513] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1073.519112] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1073.560665] reason=80000021 qualification=0000000000000000 [ 1073.588178] IDTVectoring: info=00000000 errcode=00000000 [ 1073.593674] TSC Offset = 0xfffffdbf92961b41 [ 1073.598002] EPT pointer = 0x000000017a0f001e [ 1073.607414] *** Guest State *** [ 1073.628223] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1073.637105] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1073.637117] CR3 = 0x0000000000000000 [ 1073.683868] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1073.706216] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1073.719747] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1073.736485] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1073.778515] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1073.798241] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000000000 [ 1073.806296] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1073.828235] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1073.836222] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1073.871727] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1073.890374] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1073.930514] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1073.944035] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1073.952662] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1073.959503] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1073.967017] Interruptibility = 00000000 ActivityState = 00000000 [ 1073.973822] *** Host State *** [ 1073.977149] RIP = 0xffffffff812047de RSP = 0xffff88817cdb7390 [ 1073.983514] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1073.990599] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1073.998789] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1074.004753] CR0=0000000080050033 CR3=0000000187f89000 CR4=00000000001426f0 [ 1074.012147] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1074.019234] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1074.025354] *** Control State *** [ 1074.029292] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1074.036015] EntryControls=0000d1ff ExitControls=002fefff [ 1074.041947] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1074.049295] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1074.056029] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1074.062978] reason=80000021 qualification=0000000000000000 [ 1074.070662] IDTVectoring: info=00000000 errcode=00000000 [ 1074.076158] TSC Offset = 0xfffffdbf00d02944 [ 1074.080894] EPT pointer = 0x00000001cda9401e 16:53:40 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f00000000]}}, 0x1c) 16:53:40 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) 16:53:40 executing program 5: syz_mount_image$vfat(&(0x7f0000000300)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0xe004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400100401000200027000f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000000)=""/45, 0x2d) getdents64(0xffffffffffffffff, 0x0, 0x0) 16:53:40 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}}, 0x1c) [ 1075.643110] *** Guest State *** [ 1075.655489] IPVS: ftp: loaded support on port[0] = 21 [ 1075.667161] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1075.685982] IPVS: ftp: loaded support on port[0] = 21 16:53:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000140)={0x84, @multicast1, 0x0, 0x1102, 'mh\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 '}, 0x2c) [ 1075.687261] *** Guest State *** [ 1075.736415] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1075.769602] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:53:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}}, 0x1c) [ 1075.778427] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1075.787343] CR3 = 0x0000000000000000 [ 1075.799207] CR3 = 0x0000000000000000 [ 1075.828753] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1075.834831] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1075.840146] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1075.885371] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1075.895197] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1075.921688] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:53:40 executing program 5: unshare(0x8020000) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) syz_open_dev$usb(0x0, 0x0, 0x801) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000a00)) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000100)=0x559f, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x416, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x10062101, &(0x7f0000000180)="156b001f7186570f11872209006ab5fd824d23e35467b4aad899bc1d890aa41693", 0x0, 0x0, &(0x7f00000004c0)) socket$inet6(0xa, 0x0, 0x0) [ 1075.929787] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1075.949124] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1075.963577] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1075.974900] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:53:41 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff00000000]}}, 0x1c) [ 1075.986480] SS: sel=0x0000, attr=0x07003, limit=0x00000000, base=0x0000000000000000 [ 1076.016975] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1076.067401] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1076.078245] ES: sel=0x0019, attr=0x03081, limit=0x00000004, base=0x0000000000006004 [ 1076.099265] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 16:53:41 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000]}}, 0x1c) [ 1076.149316] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1076.165638] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1076.184573] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1076.203620] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1076.218675] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1076.246617] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1076.258514] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1076.294532] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1076.305177] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1076.324540] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1076.338709] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1076.355919] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1076.363415] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1076.363428] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1076.363441] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1076.363452] Interruptibility = 00000000 ActivityState = 00000000 [ 1076.363457] *** Host State *** [ 1076.363470] RIP = 0xffffffff812047de RSP = 0xffff88817e71f390 [ 1076.363495] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1076.363508] FSBase=00007fb75975d700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1076.363520] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1076.363535] CR0=0000000080050033 CR3=00000001b55ba000 CR4=00000000001426f0 [ 1076.428789] Interruptibility = 00000000 ActivityState = 00000000 [ 1076.428817] *** Host State *** [ 1076.448545] RIP = 0xffffffff812047de RSP = 0xffff8881b60b7390 [ 1076.464970] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1076.478455] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1076.501040] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1076.514961] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1076.526550] CR0=0000000080050033 CR3=00000001cc57e000 CR4=00000000001426f0 [ 1076.534566] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1076.545424] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1076.548426] *** Control State *** [ 1076.560122] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1076.560129] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1076.560139] *** Control State *** [ 1076.573635] EntryControls=0000d1ff ExitControls=002fefff [ 1076.590018] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1076.592303] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1076.604114] EntryControls=0000d1ff ExitControls=002fefff [ 1076.615389] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1076.617216] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1076.630414] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1076.645245] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1076.648120] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1076.658634] reason=80000021 qualification=0000000000000000 [ 1076.668138] reason=80000021 qualification=0000000000000000 [ 1076.671988] IDTVectoring: info=00000000 errcode=00000000 [ 1076.674495] IDTVectoring: info=00000000 errcode=00000000 [ 1076.674503] TSC Offset = 0xfffffdbdec8df344 [ 1076.674514] EPT pointer = 0x0000000179b1f01e [ 1076.718278] TSC Offset = 0xfffffdbde3c84b73 [ 1076.722768] EPT pointer = 0x00000001d1ab901e 16:53:43 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8030000]}}, 0x1c) 16:53:43 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) 16:53:43 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:43 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x0, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1078.683820] IPVS: ftp: loaded support on port[0] = 21 16:53:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f4]}}, 0x1c) [ 1078.720883] *** Guest State *** [ 1078.724196] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1078.737785] *** Guest State *** [ 1078.754131] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1078.773243] IPVS: ftp: loaded support on port[0] = 21 [ 1078.789572] IPVS: ftp: loaded support on port[0] = 21 [ 1078.793883] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1078.804621] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1078.852694] CR3 = 0x0000000000000000 [ 1078.874856] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1078.884284] CR3 = 0x0000000000000000 [ 1078.909935] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1078.910592] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:53:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}}, 0x1c) [ 1078.917346] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1078.966649] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1078.982213] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1078.999655] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1079.018167] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1079.039710] SS: sel=0x0000, attr=0x07001, limit=0x00000000, base=0x0000000000000000 16:53:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff00000000]}}, 0x1c) [ 1079.061537] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1079.072753] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1079.081764] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1079.087819] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1079.129429] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1079.133434] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1079.137460] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1079.137481] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000000000 [ 1079.137505] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1079.137519] GDTR: limit=0x00003000, base=0x0000000000003000 16:53:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18000000]}}, 0x1c) [ 1079.137540] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1079.137555] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1079.182679] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1079.247427] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1079.280930] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1079.308189] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1079.309934] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1079.316204] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1079.316218] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1079.316229] Interruptibility = 00000000 ActivityState = 00000000 [ 1079.316234] *** Host State *** [ 1079.316248] RIP = 0xffffffff812047de RSP = 0xffff8881801cf390 16:53:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}}, 0x1c) [ 1079.316270] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1079.332758] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1079.368210] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 16:53:44 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) [ 1079.398633] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1079.404594] CR0=0000000080050033 CR3=00000001ce8f6000 CR4=00000000001426e0 [ 1079.425318] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1079.446942] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1079.457379] Interruptibility = 00000000 ActivityState = 00000000 [ 1079.466277] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1079.471754] *** Host State *** [ 1079.476263] RIP = 0xffffffff812047de RSP = 0xffff8881c12a7390 [ 1079.486539] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1079.500330] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1079.508159] *** Control State *** [ 1079.508171] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1079.508180] EntryControls=0000d1ff ExitControls=002fefff [ 1079.508196] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1079.508207] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1079.508217] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1079.521133] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1079.526909] IPVS: ftp: loaded support on port[0] = 21 [ 1079.531200] CR0=0000000080050033 CR3=00000001a979b000 CR4=00000000001426f0 [ 1079.560299] reason=80000021 qualification=0000000000000000 [ 1079.565046] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1079.576233] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1079.583113] *** Control State *** [ 1079.586853] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1079.593869] EntryControls=0000d1ff ExitControls=002fefff [ 1079.594018] IDTVectoring: info=00000000 errcode=00000000 [ 1079.599608] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1079.622484] TSC Offset = 0xfffffdbc451329cc [ 1079.639360] EPT pointer = 0x00000001bae4a01e [ 1079.642906] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1079.673227] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1079.683662] reason=80000021 qualification=0000000000000000 [ 1079.712999] IDTVectoring: info=00000000 errcode=00000000 [ 1079.726767] TSC Offset = 0xfffffdbc411ddb7e [ 1079.744200] EPT pointer = 0x00000001b945b01e 16:53:46 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x0, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff000]}}, 0x1c) 16:53:46 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x0, 0xb, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:46 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000]}}, 0x1c) [ 1081.806589] *** Guest State *** [ 1081.813222] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1081.825262] *** Guest State *** [ 1081.836247] IPVS: ftp: loaded support on port[0] = 21 [ 1081.842967] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1081.855675] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1081.878371] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1081.887150] CR3 = 0x0000000000000000 [ 1081.904800] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1081.926002] IPVS: ftp: loaded support on port[0] = 21 [ 1081.931937] CR3 = 0x0000000000000000 [ 1081.939087] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1081.954620] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1081.977434] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1081.984923] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1082.015601] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:47 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}}, 0x1c) [ 1082.024973] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1082.045483] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1082.062034] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1082.063268] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1082.085539] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1082.094453] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1082.103179] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1082.104847] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1082.111907] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1082.133858] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1082.153263] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1082.165832] IDTR: limit=0x00000001, base=0x0000000000105000 16:53:47 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff000]}}, 0x1c) [ 1082.179423] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1082.196573] FS: sel=0x000b, attr=0x030e9, limit=0x00000000, base=0x0000000000012000 [ 1082.205882] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1082.213766] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1082.235964] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1082.253377] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1082.256949] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1082.272823] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1082.276180] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1082.298776] Interruptibility = 00000000 ActivityState = 00000000 [ 1082.305028] *** Host State *** [ 1082.318242] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 16:53:47 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}}, 0x1c) [ 1082.331309] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1082.346886] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1082.362395] RIP = 0xffffffff812047de RSP = 0xffff88817e2a7390 [ 1082.392202] Interruptibility = 00000000 ActivityState = 00000000 [ 1082.412127] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1082.427494] *** Host State *** [ 1082.449810] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1082.465959] RIP = 0xffffffff812047de RSP = 0xffff8881801cf390 [ 1082.472531] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1082.489886] CR0=0000000080050033 CR3=00000001d192c000 CR4=00000000001426e0 16:53:47 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}}, 0x1c) [ 1082.498443] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1082.508506] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1082.525590] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1082.532202] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1082.552604] CR0=0000000080050033 CR3=00000001abdd6000 CR4=00000000001426e0 [ 1082.565512] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1082.588348] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1082.594197] *** Control State *** 16:53:47 executing program 0: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) close(r0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RSTATu(r1, &(0x7f0000000680)={0x70, 0x7d, 0x0, {{0x0, 0x53, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x8, 'ip_vti0\x00', 0x8, 'ip_vti0\x00', 0x4, 'user', 0xc, 'vmnet0md5sum'}, 0x8, 'ip_vti0\x00'}}, 0x70) [ 1082.612723] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1082.621634] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1082.637887] *** Control State *** 16:53:47 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}}, 0x1c) [ 1082.661150] EntryControls=0000d1ff ExitControls=002fefff [ 1082.674807] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1082.695668] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1082.708613] EntryControls=0000d1ff ExitControls=002fefff [ 1082.729056] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1082.739961] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1082.760100] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1082.780149] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1082.794130] reason=80000021 qualification=0000000000000000 [ 1082.816973] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1082.824013] IDTVectoring: info=00000000 errcode=00000000 [ 1082.843473] TSC Offset = 0xfffffdba9a25b13e [ 1082.858155] reason=80000021 qualification=0000000000000000 [ 1082.866840] EPT pointer = 0x00000001cae4301e [ 1082.892026] IDTVectoring: info=00000000 errcode=00000000 [ 1082.913570] TSC Offset = 0xfffffdba9bfd2939 [ 1082.929399] EPT pointer = 0x00000001b624701e 16:53:49 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x0, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:49 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0xffffffffffffffff}, 0x1c) 16:53:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffffffffff]}}, 0x1c) 16:53:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:49 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0x0, 0x8, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:49 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sched_setaffinity(0x0, 0x7, &(0x7f0000000240)=0x8000009) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000300)={0x0, 0x6, {0x0, 0x0, 0x0, {}, {}, @ramp}, {0x0, 0x0, 0x0, {}, {0xb68}}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='sit0\x00', 0x8b) sendto$inet(r1, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x0, 0x2ffd}, 0x4) sendto$inet(r1, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) 16:53:49 executing program 0: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000a40), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000000)=0x0) io_getevents(r0, 0x3, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0)={0x0, 0x989680}) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00', 0xffffffffffffffff, 0x700}, &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0) 16:53:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}}, 0x1c) [ 1084.931274] *** Guest State *** [ 1084.934679] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1084.935912] *** Guest State *** [ 1084.953916] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1084.966660] CR3 = 0x0000000000000000 16:53:50 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sched_setaffinity(0x0, 0x7, &(0x7f0000000240)=0x8000009) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000300)={0x0, 0x6, {0x0, 0x0, 0x0, {}, {}, @ramp}, {0x0, 0x0, 0x0, {}, {0xb68}}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='sit0\x00', 0x8b) sendto$inet(r1, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x0, 0x2ffd}, 0x4) sendto$inet(r1, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) [ 1084.979523] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1084.983922] IPVS: ftp: loaded support on port[0] = 21 [ 1085.027125] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1085.045229] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1085.081442] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1085.084211] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1085.089031] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1085.115953] CR3 = 0x0000000000000000 16:53:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}, 0x1c) 16:53:50 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f00000004c0)) [ 1085.127605] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1085.139027] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1085.145036] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1085.153591] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:53:50 executing program 0: ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000a40), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x1, &(0x7f0000000000)=0x0) io_getevents(r0, 0x3, 0x3, &(0x7f0000000040)=[{}, {}, {}], &(0x7f00000000c0)={0x0, 0x989680}) request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00', 0xffffffffffffffff, 0x700}, &(0x7f0000001fee)="520972697374e363757367725669643a4465", 0x0) [ 1085.194503] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1085.228435] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1085.243909] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.252475] FS: sel=0x0000, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1085.286413] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1085.314018] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1085.323664] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.340852] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1085.358323] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.366499] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1085.374982] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.383672] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1085.392223] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1085.399543] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.407679] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1085.415635] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1085.424060] Interruptibility = 00000000 ActivityState = 00000000 [ 1085.430864] *** Host State *** [ 1085.434207] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1085.442827] RIP = 0xffffffff812047de RSP = 0xffff88818957f390 [ 1085.449320] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1085.455867] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1085.464394] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1085.473807] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1085.482313] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1085.488675] CR0=0000000080050033 CR3=000000017ed58000 CR4=00000000001426f0 [ 1085.495825] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1085.504438] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1085.511642] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1085.518706] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1085.524976] *** Control State *** [ 1085.529023] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1085.536647] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1085.543981] Interruptibility = 00000000 ActivityState = 00000000 [ 1085.550726] EntryControls=0000d1ff ExitControls=002fefff [ 1085.556312] *** Host State *** [ 1085.560251] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1085.567358] RIP = 0xffffffff812047de RSP = 0xffff888183257390 [ 1085.573954] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1085.581122] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1085.587694] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1085.594782] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1085.604045] reason=80000021 qualification=0000000000000000 [ 1085.610942] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1085.617005] IDTVectoring: info=00000000 errcode=00000000 [ 1085.622904] CR0=0000000080050033 CR3=00000001c38dc000 CR4=00000000001426e0 [ 1085.630399] TSC Offset = 0xfffffdb8ee3a04d3 [ 1085.634936] EPT pointer = 0x000000017db1f01e [ 1085.640026] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1085.650472] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1085.656927] *** Control State *** [ 1085.661036] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1085.667804] EntryControls=0000d1ff ExitControls=002fefff [ 1085.673692] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1085.680979] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1085.687765] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1085.694753] reason=80000021 qualification=0000000000000000 [ 1085.718610] IDTVectoring: info=00000000 errcode=00000000 [ 1085.724081] TSC Offset = 0xfffffdb8f18fda4f [ 1085.734647] EPT pointer = 0x00000001bf4b101e 16:53:52 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4010000]}}, 0x1c) 16:53:52 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x10001) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000fffffffe) 16:53:52 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:52 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x0, 0x15d, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:52 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x0, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:52 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}}, 0x1c) 16:53:53 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1088.006977] *** Guest State *** [ 1088.019634] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1088.029265] *** Guest State *** [ 1088.047395] IPVS: ftp: loaded support on port[0] = 21 [ 1088.064769] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1088.073844] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1088.091077] IPVS: ftp: loaded support on port[0] = 21 [ 1088.110016] CR3 = 0x0000000000000000 [ 1088.121012] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1088.141888] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80000000000000]}}, 0x1c) [ 1088.168187] CR3 = 0x0000000000000000 [ 1088.182651] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1088.204646] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1088.238224] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1088.244279] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1088.251084] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1088.257774] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1088.261145] IPVS: ftp: loaded support on port[0] = 21 [ 1088.279435] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1088.288337] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1088.292077] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1088.302664] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1088.320529] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}}, 0x1c) [ 1088.354960] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1088.360198] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1088.387028] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1088.398533] FS: sel=0x000b, attr=0x030e1, limit=0x00002000, base=0x0000000000012000 [ 1088.430090] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1088.442054] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1088.451211] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1088.459567] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1088.467794] IDTR: limit=0x00000001, base=0x0000000000105000 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}}, 0x1c) [ 1088.478384] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1088.486615] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1088.494900] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1088.501682] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1088.509894] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1088.518380] Interruptibility = 00000000 ActivityState = 00000000 [ 1088.528413] *** Host State *** [ 1088.537996] RIP = 0xffffffff812047de RSP = 0xffff888183257390 [ 1088.552076] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1088.558812] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1088.567182] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffff000]}}, 0x1c) [ 1088.575467] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1088.582089] CR0=0000000080050033 CR3=00000001ce8f6000 CR4=00000000001426e0 [ 1088.589476] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1088.597714] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1088.606765] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1088.625125] *** Control State *** [ 1088.630076] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1088.637156] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1088.644437] EntryControls=0000d1ff ExitControls=002fefff [ 1088.650374] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1088.660371] Interruptibility = 00000000 ActivityState = 00000000 [ 1088.663190] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1088.676725] *** Host State *** 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800000000000000]}}, 0x1c) [ 1088.684404] RIP = 0xffffffff812047de RSP = 0xffff88818945f390 [ 1088.692032] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1088.703661] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1088.714072] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1088.729544] reason=80000021 qualification=0000000000000000 [ 1088.735924] IDTVectoring: info=00000000 errcode=00000000 [ 1088.753870] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 16:53:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff00000000]}}, 0x1c) [ 1088.787391] TSC Offset = 0xfffffdb74a8261dd [ 1088.797465] EPT pointer = 0x0000000180e7601e [ 1088.814163] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1088.862104] CR0=0000000080050033 CR3=00000001ccc0d000 CR4=00000000001426f0 [ 1088.894431] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1088.916167] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1088.934180] *** Control State *** [ 1088.949959] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1088.956778] EntryControls=0000d1ff ExitControls=002fefff [ 1088.962461] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1088.969807] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1088.976499] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1088.983374] reason=80000021 qualification=0000000000000000 [ 1088.989869] IDTVectoring: info=00000000 errcode=00000000 [ 1088.995348] TSC Offset = 0xfffffdb7478cb8ab [ 1088.999783] EPT pointer = 0x00000001bc6f601e 16:53:55 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:53:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1090.277474] IPVS: ftp: loaded support on port[0] = 21 [ 1090.289851] *** Guest State *** [ 1090.293144] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1090.309088] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1090.336684] CR3 = 0x0000000000000000 [ 1090.348740] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1090.370020] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1090.381562] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1090.395490] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.410865] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.419735] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.429703] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.444485] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.453115] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1090.461733] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1090.470109] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1090.478498] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1090.486523] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1090.494897] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1090.501814] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1090.509633] Interruptibility = 00000000 ActivityState = 00000000 [ 1090.515908] *** Host State *** [ 1090.519435] RIP = 0xffffffff812047de RSP = 0xffff88817a4bf390 [ 1090.525461] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1090.532191] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1090.540334] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1090.546264] CR0=0000000080050033 CR3=00000001d8bb9000 CR4=00000000001426f0 [ 1090.553695] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1090.560734] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1090.566843] *** Control State *** [ 1090.570721] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1090.577421] EntryControls=0000d1ff ExitControls=002fefff [ 1090.583371] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1090.590643] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1090.597361] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1090.604249] reason=80000021 qualification=0000000000000000 [ 1090.610913] IDTVectoring: info=00000000 errcode=00000000 [ 1090.616400] TSC Offset = 0xfffffdb60f6aaccb [ 1090.621110] EPT pointer = 0x00000001ce39f01e 16:53:56 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}}, 0x1c) 16:53:56 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x0, 0x17, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:56 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) 16:53:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000]}}, 0x1c) [ 1091.099249] *** Guest State *** [ 1091.114465] IPVS: ftp: loaded support on port[0] = 21 [ 1091.119982] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1091.186894] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1091.212420] CR3 = 0x0000000000000000 [ 1091.236935] *** Guest State *** [ 1091.240502] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1091.247205] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1091.270380] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1091.274387] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}, 0x1c) [ 1091.292359] CR3 = 0x0000000000000000 [ 1091.304726] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1091.316187] IPVS: ftp: loaded support on port[0] = 21 [ 1091.326714] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1091.347396] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1091.361067] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1091.365806] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000]}}, 0x1c) [ 1091.403194] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1091.416236] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1091.424651] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1091.449448] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1091.464704] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1091.473205] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffff7]}}, 0x1c) [ 1091.498624] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1091.516891] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1091.535236] FS: sel=0x000b, attr=0x10000, limit=0x00002000, base=0x0000000000012000 [ 1091.586238] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1091.607992] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:53:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000]}}, 0x1c) [ 1091.632541] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1091.645227] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1091.658398] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1091.696925] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1091.708393] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1091.712932] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1091.729310] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1091.737679] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1091.743581] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1091.750394] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1091.772951] Interruptibility = 00000000 ActivityState = 00000000 [ 1091.779736] *** Host State *** [ 1091.780199] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1091.783281] RIP = 0xffffffff812047de RSP = 0xffff8881832df390 [ 1091.795944] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1091.798800] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1091.803123] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1091.818077] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1091.824266] CR0=0000000080050033 CR3=00000001c381a000 CR4=00000000001426f0 [ 1091.832248] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1091.844394] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1091.857832] *** Control State *** [ 1091.858582] Interruptibility = 00000000 ActivityState = 00000000 [ 1091.865578] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1091.874669] EntryControls=0000d1ff ExitControls=002fefff [ 1091.880747] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1091.880762] *** Host State *** [ 1091.887946] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1091.899508] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1091.906403] reason=80000021 qualification=0000000000000000 [ 1091.908092] RIP = 0xffffffff812047de RSP = 0xffff88817a0bf390 [ 1091.913314] IDTVectoring: info=00000000 errcode=00000000 [ 1091.924703] TSC Offset = 0xfffffdb58ecfb482 [ 1091.928121] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1091.929664] EPT pointer = 0x00000001d4e1b01e [ 1091.935450] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1091.935464] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1091.935481] CR0=0000000080050033 CR3=000000017c8da000 CR4=00000000001426e0 [ 1091.935498] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1091.935511] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1091.935516] *** Control State *** [ 1091.935526] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1091.935540] EntryControls=0000d1ff ExitControls=002fefff [ 1091.947869] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1091.967599] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1091.967614] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1092.016395] reason=80000021 qualification=0000000000000000 [ 1092.022860] IDTVectoring: info=00000000 errcode=00000000 [ 1092.028444] TSC Offset = 0xfffffdb5a1a673f1 [ 1092.032770] EPT pointer = 0x00000001ac24401e 16:53:58 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}}, 0x1c) 16:53:58 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1093.287988] IPVS: ftp: loaded support on port[0] = 21 16:53:59 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:53:59 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) 16:53:59 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x0, 0x70e, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:53:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}}, 0x1c) 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}}, 0x1c) [ 1094.194293] *** Guest State *** [ 1094.199431] *** Guest State *** [ 1094.208166] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1094.217126] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1094.237362] IPVS: ftp: loaded support on port[0] = 21 [ 1094.252919] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1094.262399] IPVS: ftp: loaded support on port[0] = 21 [ 1094.264869] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1094.299579] CR3 = 0x0000000000000000 [ 1094.315525] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1094.323532] CR3 = 0x0000000000000000 [ 1094.327311] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1094.348792] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1094.362209] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1094.368549] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1094.377895] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.380676] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, 0x1c) [ 1094.404332] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.417859] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1094.438525] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1094.447010] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1094.464232] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.494085] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.502556] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1094.515442] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.524955] FS: sel=0x000b, attr=0x03089, limit=0x00002000, base=0x0000000000012000 [ 1094.533396] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1094.542140] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1094.550718] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1094.559507] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1094.568272] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1094.576560] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1094.585707] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1094.593998] IDTR: limit=0x00000001, base=0x0000000000105000 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}}, 0x1c) [ 1094.603534] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1094.615031] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1094.623312] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1094.641194] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1094.650185] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1094.662967] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1094.671089] Interruptibility = 00000000 ActivityState = 00000000 [ 1094.679063] *** Host State *** [ 1094.689569] Interruptibility = 00000000 ActivityState = 00000000 [ 1094.699134] RIP = 0xffffffff812047de RSP = 0xffff8881d21ef390 [ 1094.701909] *** Host State *** [ 1094.716111] RIP = 0xffffffff812047de RSP = 0xffff88817bccf390 [ 1094.725775] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1094.732577] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1094.744802] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}}, 0x1c) [ 1094.753094] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1094.768884] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1094.783027] CR0=0000000080050033 CR3=00000001c01d7000 CR4=00000000001426e0 [ 1094.790678] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18]}}, 0x1c) [ 1094.800190] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1094.816227] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1094.816236] *** Control State *** [ 1094.825083] CR0=0000000080050033 CR3=00000001b3da7000 CR4=00000000001426e0 [ 1094.829608] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1094.856209] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1094.859509] EntryControls=0000d1ff ExitControls=002fefff [ 1094.876588] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1094.884410] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1094.894410] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1094.901518] *** Control State *** 16:53:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, 0x1c) [ 1094.905017] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1094.916037] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1094.937289] EntryControls=0000d1ff ExitControls=002fefff [ 1094.946415] reason=80000021 qualification=0000000000000000 [ 1094.959089] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1094.966242] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1094.967080] IDTVectoring: info=00000000 errcode=00000000 [ 1094.978763] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1094.985666] reason=80000021 qualification=0000000000000000 [ 1094.991415] TSC Offset = 0xfffffdb3f7e5f86f [ 1094.992625] IDTVectoring: info=00000000 errcode=00000000 [ 1095.003551] TSC Offset = 0xfffffdb3f8022d98 [ 1095.004159] EPT pointer = 0x00000001c24b301e [ 1095.008415] EPT pointer = 0x00000001b8b5601e 16:54:01 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) [ 1096.320526] IPVS: ftp: loaded support on port[0] = 21 16:54:02 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:02 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x0) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0]}}, 0x1c) 16:54:02 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:02 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe80]}}, 0x1c) [ 1097.302174] *** Guest State *** [ 1097.305608] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1097.336649] IPVS: ftp: loaded support on port[0] = 21 16:54:02 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1097.347922] IPVS: ftp: loaded support on port[0] = 21 [ 1097.367254] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1097.402503] IPVS: ftp: loaded support on port[0] = 21 [ 1097.419370] CR3 = 0x0000000000000000 [ 1097.437960] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:54:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}}, 0x1c) [ 1097.468818] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1097.490275] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1097.523356] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1097.560067] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1097.593322] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1097.620049] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:02 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1097.649208] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1097.657204] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}}, 0x1c) [ 1097.736935] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1097.775949] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 16:54:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}}, 0x1c) [ 1097.814426] *** Guest State *** [ 1097.816389] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1097.828391] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1097.863206] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1097.878173] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1097.895703] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1097.907547] CR3 = 0x0000000000000000 [ 1097.912254] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1097.918716] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1097.925327] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1097.928630] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1097.941454] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1097.967273] Interruptibility = 00000000 ActivityState = 00000000 [ 1097.973346] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1097.975124] *** Host State *** [ 1097.985031] RIP = 0xffffffff812047de RSP = 0xffff8881842c7390 [ 1097.991511] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1098.003438] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1098.009912] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1098.009933] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1098.009951] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1098.009965] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1098.009998] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1098.018798] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1098.035411] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1098.042524] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1098.050644] CR0=0000000080050033 CR3=00000001a84df000 CR4=00000000001426e0 [ 1098.058482] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1098.065905] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1098.072554] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1098.087772] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1098.101140] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1098.101146] *** Control State *** [ 1098.101156] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1098.101171] EntryControls=0000d1ff ExitControls=002fefff [ 1098.101200] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1098.101208] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1098.101217] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1098.101224] reason=80000021 qualification=0000000000000000 [ 1098.101231] IDTVectoring: info=00000000 errcode=00000000 [ 1098.101237] TSC Offset = 0xfffffdb251c646a5 [ 1098.101245] EPT pointer = 0x00000001d3a7601e [ 1098.105589] Interruptibility = 00000000 ActivityState = 00000000 [ 1098.128700] *** Host State *** [ 1098.137863] RIP = 0xffffffff812047de RSP = 0xffff8881801cf390 [ 1098.137888] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1098.137900] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1098.137913] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1098.171316] CR0=0000000080050033 CR3=00000001ab871000 CR4=00000000001426e0 [ 1098.179901] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1098.187522] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1098.209238] *** Control State *** [ 1098.221641] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1098.231352] EntryControls=0000d1ff ExitControls=002fefff [ 1098.243540] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1098.250620] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1098.257369] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1098.264046] reason=80000021 qualification=0000000000000000 [ 1098.270410] IDTVectoring: info=00000000 errcode=00000000 [ 1098.270419] TSC Offset = 0xfffffdb20abb0d22 [ 1098.270431] EPT pointer = 0x00000001cb03901e [ 1098.298321] *** Guest State *** [ 1098.301646] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1098.310593] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1098.319737] CR3 = 0x0000000000000000 [ 1098.323463] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1098.323477] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1098.323495] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1098.323510] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1098.323533] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1098.323556] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1098.335874] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1098.350655] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1098.366787] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1098.382909] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1098.399346] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1098.407451] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1098.415908] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1098.424094] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1098.424108] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1098.424118] Interruptibility = 00000000 ActivityState = 00000000 [ 1098.424123] *** Host State *** [ 1098.424135] RIP = 0xffffffff812047de RSP = 0xffff88817bb1f390 [ 1098.424157] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1098.424168] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1098.424180] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1098.424194] CR0=0000000080050033 CR3=00000001ab871000 CR4=00000000001426e0 [ 1098.424210] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1098.424223] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1098.424228] *** Control State *** [ 1098.424238] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1098.424246] EntryControls=0000d1ff ExitControls=002fefff [ 1098.424260] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1098.424270] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1098.424285] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1098.440119] reason=80000021 qualification=0000000000000000 [ 1098.449000] IDTVectoring: info=00000000 errcode=00000000 [ 1098.461489] TSC Offset = 0xfffffdb20abb0d22 [ 1098.475487] EPT pointer = 0x00000001cb03901e 16:54:05 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x0, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:05 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}}, 0x1c) 16:54:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:05 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x0, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:05 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x0, 0x7, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1100.366068] *** Guest State *** [ 1100.374682] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1100.393704] *** Guest State *** [ 1100.393743] IPVS: ftp: loaded support on port[0] = 21 [ 1100.402484] IPVS: ftp: loaded support on port[0] = 21 [ 1100.406827] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000]}}, 0x1c) [ 1100.425687] IPVS: ftp: loaded support on port[0] = 21 [ 1100.431054] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1100.457437] CR3 = 0x0000000000000000 [ 1100.470924] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1100.482440] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1100.488960] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1100.532658] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.543696] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1100.559976] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.568580] CR3 = 0x0000000000000000 [ 1100.571130] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}, 0x1c) [ 1100.578420] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1100.587964] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1100.602127] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.614798] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1100.625571] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.649294] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.672990] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1100.674707] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1100.713786] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1100.723615] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdef]}}, 0x1c) [ 1100.731679] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1100.731701] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1100.731719] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1100.731739] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1100.764315] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1100.772705] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1100.792912] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1100.805809] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1100.815319] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1100.828393] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff00000000]}}, 0x1c) [ 1100.840356] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1100.851921] Interruptibility = 00000000 ActivityState = 00000000 [ 1100.861272] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1100.861285] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1100.879469] *** Host State *** [ 1100.883341] RIP = 0xffffffff812047de RSP = 0xffff88817dbd7390 [ 1100.891318] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1100.899178] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1100.905820] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1100.914209] Interruptibility = 00000000 ActivityState = 00000000 [ 1100.920766] *** Host State *** [ 1100.924247] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1100.934177] RIP = 0xffffffff812047de RSP = 0xffff8881837af390 [ 1100.940476] CR0=0000000080050033 CR3=00000001c85e2000 CR4=00000000001426e0 [ 1100.948995] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1100.956336] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1100.963464] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1100.971610] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1100.977934] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1100.984220] *** Control State *** 16:54:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dffffff]}}, 0x1c) [ 1100.987956] CR0=0000000080050033 CR3=0000000184986000 CR4=00000000001426f0 [ 1100.995354] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1101.002400] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1101.009487] EntryControls=0000d1ff ExitControls=002fefff [ 1101.015182] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1101.022449] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1101.031226] *** Control State *** [ 1101.035368] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1101.043579] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1101.050999] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1101.057953] EntryControls=0000d1ff ExitControls=002fefff [ 1101.063714] reason=80000021 qualification=0000000000000000 [ 1101.070425] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1101.080514] IDTVectoring: info=00000000 errcode=00000000 [ 1101.090633] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1101.097602] TSC Offset = 0xfffffdb0a9ec8bec [ 1101.102223] EPT pointer = 0x000000017fb3601e [ 1101.108258] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1101.122176] reason=80000021 qualification=0000000000000000 [ 1101.138600] IDTVectoring: info=00000000 errcode=00000000 16:54:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1800]}}, 0x1c) [ 1101.153088] TSC Offset = 0xfffffdb0aabb126e [ 1101.166215] EPT pointer = 0x00000001aaa8501e 16:54:09 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x0, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1104.177408] IPVS: ftp: loaded support on port[0] = 21 16:54:09 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:09 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x0, 0x100000000, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:09 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x0, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}}, 0x1c) 16:54:09 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x0, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1104.603414] IPVS: ftp: loaded support on port[0] = 21 [ 1104.654655] *** Guest State *** [ 1104.657953] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1104.664042] IPVS: ftp: loaded support on port[0] = 21 [ 1104.673557] *** Guest State *** [ 1104.682841] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1104.691381] IPVS: ftp: loaded support on port[0] = 21 16:54:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f]}}, 0x1c) [ 1104.698231] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1104.707104] CR3 = 0x0000000000000000 [ 1104.748517] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1104.769343] CR3 = 0x0000000000000000 [ 1104.773075] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1104.790831] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1104.814156] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1104.828247] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1104.838651] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1104.849283] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 16:54:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}}, 0x1c) [ 1104.882466] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1104.893999] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1104.903220] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1104.940456] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1104.959274] FS: sel=0x000b, attr=0x010e9, limit=0x00002000, base=0x0000000000012000 [ 1104.981979] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1104.996354] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1105.004826] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.013935] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1105.026675] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.030743] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 16:54:10 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}}, 0x1c) [ 1105.047018] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1105.058509] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1105.074038] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1105.078097] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.096789] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1105.110518] Interruptibility = 00000000 ActivityState = 00000000 [ 1105.117093] *** Host State *** [ 1105.121928] RIP = 0xffffffff812047de RSP = 0xffff88817bc67390 [ 1105.122591] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.138431] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 16:54:10 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000]}}, 0x1c) [ 1105.154432] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1105.166944] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.173624] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1105.191413] CR0=0000000080050033 CR3=000000017f051000 CR4=00000000001426e0 [ 1105.216541] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1105.223323] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1105.233941] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1105.241857] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1105.250112] *** Control State *** [ 1105.257033] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 16:54:10 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff7f0000]}}, 0x1c) [ 1105.281947] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1105.303892] EntryControls=0000d1ff ExitControls=002fefff [ 1105.315730] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1105.333295] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1105.342555] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1105.345396] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1105.363807] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1105.364168] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:54:10 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}, 0x1c) [ 1105.384614] Interruptibility = 00000000 ActivityState = 00000000 [ 1105.391823] *** Host State *** [ 1105.402492] reason=80000021 qualification=0000000000000000 [ 1105.410077] RIP = 0xffffffff812047de RSP = 0xffff888189bdf390 [ 1105.426931] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1105.430852] IDTVectoring: info=00000000 errcode=00000000 [ 1105.448692] TSC Offset = 0xfffffdae5c9e7ed7 [ 1105.453069] EPT pointer = 0x000000018446401e [ 1105.464282] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1105.510284] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1105.528890] CR0=0000000080050033 CR3=00000001bcce9000 CR4=00000000001426e0 [ 1105.550147] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1105.564142] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1105.585303] *** Control State *** [ 1105.589287] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1105.596075] EntryControls=0000d1ff ExitControls=002fefff [ 1105.601941] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1105.611129] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1105.621763] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1105.638266] reason=80000021 qualification=0000000000000000 [ 1105.649370] IDTVectoring: info=00000000 errcode=00000000 [ 1105.658278] TSC Offset = 0xfffffdae623fbbc9 [ 1105.662801] EPT pointer = 0x00000001d359501e 16:54:12 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x0, 0x7fffffff, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:12 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:12 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeffdffff]}}, 0x1c) 16:54:12 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff8d]}}, 0x1c) [ 1107.752895] *** Guest State *** [ 1107.753268] IPVS: ftp: loaded support on port[0] = 21 [ 1107.756206] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1107.756219] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1107.756225] CR3 = 0x0000000000000000 [ 1107.756233] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1107.756243] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1107.756257] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1107.756272] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1107.813712] *** Guest State *** [ 1107.817064] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:54:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40030000000000]}}, 0x1c) [ 1107.850788] IPVS: ftp: loaded support on port[0] = 21 [ 1107.868188] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1107.875891] IPVS: ftp: loaded support on port[0] = 21 [ 1107.882352] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1107.882371] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1107.958310] CR3 = 0x0000000000000000 [ 1107.962112] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1107.986646] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1107.998819] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:54:13 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff]}}, 0x1c) [ 1108.007962] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1108.033955] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.063956] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.085034] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.094465] FS: sel=0x000b, attr=0x030e9, limit=0x00002000, base=0x0000000000012000 [ 1108.130016] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.140633] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.149240] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1108.171353] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:13 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}}, 0x1c) [ 1108.208533] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1108.216978] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1108.238897] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1108.248646] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1108.289041] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1108.297033] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1108.305879] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:13 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:13 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1108.332829] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1108.346071] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1108.354035] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1108.371418] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1108.377862] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1108.396198] Interruptibility = 00000000 ActivityState = 00000000 [ 1108.419089] *** Host State *** [ 1108.423616] Interruptibility = 00000000 ActivityState = 00000000 [ 1108.431558] RIP = 0xffffffff812047de RSP = 0xffff88817bccf390 [ 1108.441724] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1108.448808] *** Host State *** [ 1108.452222] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1108.460725] RIP = 0xffffffff812047de RSP = 0xffff8881beccf390 [ 1108.464945] IPVS: ftp: loaded support on port[0] = 21 [ 1108.466890] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1108.478392] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1108.484841] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1108.495384] IPVS: ftp: loaded support on port[0] = 21 [ 1108.495488] CR0=0000000080050033 CR3=00000001c3826000 CR4=00000000001426e0 [ 1108.508561] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1108.515410] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1108.522134] *** Control State *** [ 1108.526162] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1108.532862] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1108.540136] CR0=0000000080050033 CR3=00000001c2821000 CR4=00000000001426e0 [ 1108.547297] EntryControls=0000d1ff ExitControls=002fefff [ 1108.564561] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1108.572964] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1108.588201] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1108.596122] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1108.603383] reason=80000021 qualification=0000000000000000 [ 1108.610231] IDTVectoring: info=00000000 errcode=00000000 [ 1108.615843] TSC Offset = 0xfffffdacb638242f [ 1108.615850] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1108.615858] *** Control State *** [ 1108.625132] EPT pointer = 0x00000001cc2b301e [ 1108.630041] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1108.667163] EntryControls=0000d1ff ExitControls=002fefff [ 1108.673833] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1108.687061] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1108.699950] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1108.706708] reason=80000021 qualification=0000000000000000 [ 1108.713656] IDTVectoring: info=00000000 errcode=00000000 [ 1108.720592] TSC Offset = 0xfffffdacb633ace6 [ 1108.734566] EPT pointer = 0x00000001afcf101e 16:54:13 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000, 0x0, 0x400000008000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:13 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000]}}, 0x1c) 16:54:13 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:13 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}}, 0x1c) 16:54:13 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1108.897117] *** Guest State *** [ 1108.909889] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1108.923276] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1108.935302] *** Guest State *** [ 1108.942386] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1108.951696] CR3 = 0x0000000000000000 [ 1108.955443] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1108.975105] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1108.983126] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1108.993311] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1108.999095] CR3 = 0x0000000000000000 [ 1109.004711] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1109.018419] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.036755] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1109.039939] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.050569] IPVS: ftp: loaded support on port[0] = 21 [ 1109.076309] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.081925] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1109.108715] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.135108] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.140136] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1109.163925] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.181128] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1109.188285] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1109.200596] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1109.222062] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1109.225284] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1109.243333] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1109.258801] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1109.267460] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1109.278154] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1109.289590] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1109.297523] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1109.297942] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1109.313005] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1109.313209] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1109.321493] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1109.332931] Interruptibility = 00000000 ActivityState = 00000000 [ 1109.337007] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1109.343194] *** Host State *** [ 1109.349861] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1109.352931] RIP = 0xffffffff812047de RSP = 0xffff88817b737390 [ 1109.360678] Interruptibility = 00000000 ActivityState = 00000000 [ 1109.366513] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1109.373024] *** Host State *** [ 1109.383824] RIP = 0xffffffff812047de RSP = 0xffff888189bdf390 [ 1109.388874] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1109.390206] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1109.397936] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1109.404518] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1109.410507] CR0=0000000080050033 CR3=0000000184463000 CR4=00000000001426f0 [ 1109.418523] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1109.425784] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1109.431708] CR0=0000000080050033 CR3=00000001d85eb000 CR4=00000000001426f0 [ 1109.438323] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1109.445510] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1109.458419] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1109.464607] *** Control State *** [ 1109.465225] *** Control State *** [ 1109.468522] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1109.475283] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1109.478716] EntryControls=0000d1ff ExitControls=002fefff [ 1109.488757] EntryControls=0000d1ff ExitControls=002fefff [ 1109.490980] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1109.498545] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1109.503483] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1109.518278] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1109.522521] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1109.525092] reason=80000021 qualification=0000000000000000 [ 1109.538627] IDTVectoring: info=00000000 errcode=00000000 [ 1109.542536] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1109.544263] TSC Offset = 0xfffffdac15924cfd [ 1109.555580] EPT pointer = 0x00000001ab6a701e [ 1109.559361] reason=80000021 qualification=0000000000000000 [ 1109.566672] IDTVectoring: info=00000000 errcode=00000000 [ 1109.572429] TSC Offset = 0xfffffdac1c612367 [ 1109.576974] EPT pointer = 0x00000001d704701e [ 1109.598219] *** Guest State *** [ 1109.601533] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1109.639076] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1109.647936] CR3 = 0x0000000000000000 [ 1109.652003] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1109.657996] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1109.664602] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1109.671629] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1109.679999] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1109.687981] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1109.696282] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1109.704595] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1109.712945] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1109.721208] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1109.729527] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1109.737507] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1109.745793] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1109.754057] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1109.760791] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1109.769008] Interruptibility = 00000000 ActivityState = 00000000 [ 1109.775223] *** Host State *** [ 1109.778599] RIP = 0xffffffff812047de RSP = 0xffff88818372f390 [ 1109.784582] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1109.791096] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1109.798943] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1109.804834] CR0=0000000080050033 CR3=00000001d85eb000 CR4=00000000001426f0 [ 1109.811919] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1109.818655] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1109.824710] *** Control State *** [ 1109.828209] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1109.834879] EntryControls=0000d1ff ExitControls=002fefff [ 1109.840401] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1109.847371] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1109.854080] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1109.860761] reason=80000021 qualification=0000000000000000 [ 1109.867103] IDTVectoring: info=00000000 errcode=00000000 [ 1109.872605] TSC Offset = 0xfffffdac15924cfd [ 1109.876934] EPT pointer = 0x00000001ab6a701e 16:54:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}}, 0x1c) 16:54:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:15 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:15 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000]}}, 0x1c) [ 1110.771081] *** Guest State *** [ 1110.783527] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1110.797460] *** Guest State *** [ 1110.803270] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1110.816600] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1110.828297] IPVS: ftp: loaded support on port[0] = 21 [ 1110.833750] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1110.843393] CR3 = 0x0000000000000000 [ 1110.849670] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1110.858633] CR3 = 0x0000000000000000 [ 1110.874884] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1110.884004] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1110.892591] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1110.904352] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1110.911231] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1110.925259] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1110.932258] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1110.941281] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1110.949495] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1110.967205] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1110.977131] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1110.985580] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1110.994006] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1111.002245] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.010658] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1111.018985] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1111.027157] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1111.035427] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1111.043667] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1111.051917] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1111.060216] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.068503] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1111.076744] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1111.083408] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1111.091670] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1111.099417] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1111.107620] Interruptibility = 00000000 ActivityState = 00000000 [ 1111.114126] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1111.122353] *** Host State *** [ 1111.125771] RIP = 0xffffffff812047de RSP = 0xffff88817bb1f390 [ 1111.132013] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1111.138749] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1111.145379] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1111.153094] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1111.161126] Interruptibility = 00000000 ActivityState = 00000000 [ 1111.167582] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1111.173702] *** Host State *** [ 1111.177124] CR0=0000000080050033 CR3=00000001b9c0b000 CR4=00000000001426e0 [ 1111.184419] RIP = 0xffffffff812047de RSP = 0xffff888189567390 [ 1111.190634] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1111.197249] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1111.204151] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1111.212203] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1111.218531] *** Control State *** [ 1111.222196] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1111.228351] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1111.235230] CR0=0000000080050033 CR3=00000001c910a000 CR4=00000000001426e0 [ 1111.242496] EntryControls=0000d1ff ExitControls=002fefff [ 1111.248214] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1111.255099] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1111.262278] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1111.268621] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1111.275493] *** Control State *** [ 1111.279210] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1111.286020] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1111.292990] reason=80000021 qualification=0000000000000000 [ 1111.299558] EntryControls=0000d1ff ExitControls=002fefff [ 1111.305239] IDTVectoring: info=00000000 errcode=00000000 [ 1111.311003] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1111.318207] TSC Offset = 0xfffffdab16b1d4cb [ 1111.322745] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1111.329688] EPT pointer = 0x00000001c2ff501e [ 1111.334453] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1111.348257] reason=80000021 qualification=0000000000000000 [ 1111.364669] IDTVectoring: info=00000000 errcode=00000000 [ 1111.377083] TSC Offset = 0xfffffdab16e47a1b [ 1111.383943] EPT pointer = 0x00000001b35fe01e 16:54:16 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:16 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}}, 0x1c) 16:54:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1111.428347] *** Guest State *** [ 1111.431664] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1111.470372] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:16 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00]}}, 0x1c) [ 1111.532001] CR3 = 0x0000000000000000 [ 1111.535751] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1111.537715] *** Guest State *** [ 1111.554407] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1111.579066] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1111.588309] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1111.590589] IPVS: ftp: loaded support on port[0] = 21 [ 1111.594336] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1111.594356] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1111.594377] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1111.594396] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1111.594413] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1111.599921] CR3 = 0x0000000000000000 [ 1111.629329] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1111.665784] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:54:16 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}}, 0x1c) [ 1111.680432] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1111.692619] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1111.713555] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.713597] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.754899] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.759392] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1111.777430] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.797683] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1111.806055] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.818810] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1111.820917] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.833725] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:16 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000]}}, 0x1c) [ 1111.856938] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1111.862366] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1111.874521] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1111.886757] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1111.905536] Interruptibility = 00000000 ActivityState = 00000000 [ 1111.908924] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1111.925620] *** Host State *** [ 1111.932797] RIP = 0xffffffff812047de RSP = 0xffff8881842af390 [ 1111.944548] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:17 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:17 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:17 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}}, 0x1c) [ 1111.954099] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1111.964051] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1111.967288] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1111.984110] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1112.014887] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1112.028400] CR0=0000000080050033 CR3=00000001c910a000 CR4=00000000001426f0 [ 1112.031618] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1112.062744] Interruptibility = 00000000 ActivityState = 00000000 [ 1112.063792] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1112.078143] *** Host State *** [ 1112.086176] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1112.093928] IPVS: ftp: loaded support on port[0] = 21 [ 1112.099032] RIP = 0xffffffff812047de RSP = 0xffff888179bd7390 [ 1112.105058] *** Control State *** [ 1112.113173] IPVS: ftp: loaded support on port[0] = 21 [ 1112.120054] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1112.121617] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1112.134492] EntryControls=0000d1ff ExitControls=002fefff [ 1112.159467] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1112.167464] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1112.175670] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1112.188347] CR0=0000000080050033 CR3=00000001bc4fe000 CR4=00000000001426e0 [ 1112.195623] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1112.209624] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1112.229062] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1112.238290] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1112.253920] *** Control State *** [ 1112.256985] reason=80000021 qualification=0000000000000000 [ 1112.261997] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1112.272608] IDTVectoring: info=00000000 errcode=00000000 [ 1112.285849] EntryControls=0000d1ff ExitControls=002fefff [ 1112.299154] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1112.309786] TSC Offset = 0xfffffdab16e47a1b [ 1112.320056] EPT pointer = 0x00000001b35fe01e [ 1112.323035] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1112.367472] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1112.388651] reason=80000021 qualification=0000000000000000 [ 1112.394994] IDTVectoring: info=00000000 errcode=00000000 [ 1112.395001] TSC Offset = 0xfffffdaaaf777dc6 [ 1112.395012] EPT pointer = 0x00000001d67bb01e 16:54:18 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0x0, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:18 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}}, 0x1c) 16:54:18 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x0, 0xd, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:18 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x0, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:18 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}, 0x1c) [ 1113.844809] *** Guest State *** [ 1113.845561] IPVS: ftp: loaded support on port[0] = 21 [ 1113.853073] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1113.865153] *** Guest State *** [ 1113.881247] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1113.899937] IPVS: ftp: loaded support on port[0] = 21 [ 1113.912364] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1113.940095] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:19 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}}, 0x1c) [ 1113.961778] CR3 = 0x0000000000000000 [ 1113.965858] CR3 = 0x0000000000000000 [ 1113.969898] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1113.979502] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1113.991582] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1113.997925] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1114.004222] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1114.024135] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1114.048443] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.057883] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1114.064596] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.078206] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1114.089766] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1114.100030] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.111662] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1114.121712] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.130000] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1114.140971] GS: sel=0x000d, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.149330] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.159024] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1114.167347] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1114.175879] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.184688] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1114.197362] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1114.206018] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1114.213159] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 16:54:19 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}}, 0x1c) [ 1114.222617] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1114.228378] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1114.231160] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1114.238427] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1114.245626] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1114.259399] Interruptibility = 00000000 ActivityState = 00000000 [ 1114.284181] *** Host State *** [ 1114.289041] RIP = 0xffffffff812047de RSP = 0xffff888189bdf390 [ 1114.292964] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1114.302826] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1114.309538] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1114.322854] Interruptibility = 00000000 ActivityState = 00000000 [ 1114.329686] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1114.336942] *** Host State *** [ 1114.351002] RIP = 0xffffffff812047de RSP = 0xffff88817b9a7390 [ 1114.361129] CR0=0000000080050033 CR3=00000001cc873000 CR4=00000000001426e0 [ 1114.370714] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 16:54:19 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe803]}}, 0x1c) [ 1114.380659] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1114.405937] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1114.415932] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1114.424508] CR0=0000000080050033 CR3=000000017d71e000 CR4=00000000001426e0 [ 1114.434750] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1114.442754] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1114.450968] *** Control State *** 16:54:19 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x18}, 0x1c) [ 1114.455146] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1114.462205] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1114.469387] *** Control State *** [ 1114.473148] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1114.480274] EntryControls=0000d1ff ExitControls=002fefff [ 1114.485980] EntryControls=0000d1ff ExitControls=002fefff [ 1114.492593] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1114.501023] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1114.509953] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1114.516826] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1114.525084] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1114.534615] reason=80000021 qualification=0000000000000000 [ 1114.546757] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1114.553902] IDTVectoring: info=00000000 errcode=00000000 [ 1114.559778] reason=80000021 qualification=0000000000000000 [ 1114.566310] TSC Offset = 0xfffffda9725f3f75 [ 1114.572135] EPT pointer = 0x00000001b8aba01e [ 1114.577043] IDTVectoring: info=00000000 errcode=00000000 [ 1114.593539] TSC Offset = 0xfffffda97360452f [ 1114.606352] EPT pointer = 0x00000001d824401e 16:54:20 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:20 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x300000000000000}, 0x1c) [ 1115.084932] IPVS: ftp: loaded support on port[0] = 21 16:54:21 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1100}, 0x1c) 16:54:21 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0x0, 0x7, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:21 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:21 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1800}, 0x1c) [ 1116.937216] *** Guest State *** [ 1116.949910] *** Guest State *** [ 1116.950662] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1116.962314] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1116.983039] IPVS: ftp: loaded support on port[0] = 21 [ 1116.988782] IPVS: ftp: loaded support on port[0] = 21 [ 1117.004277] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1117.010192] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1117.053905] CR3 = 0x0000000000000000 [ 1117.057711] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1117.070160] CR3 = 0x0000000000000000 [ 1117.079103] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1117.085500] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:54:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x7}, 0x1c) [ 1117.110594] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1117.128366] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1117.129207] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.140262] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1117.158313] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.170370] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1117.186830] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.208937] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1117.227796] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.242708] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1117.259019] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.269523] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1117.286858] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.295291] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 16:54:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x11}, 0x1c) [ 1117.305474] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1117.314606] GS: sel=0x0000, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1117.326558] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1117.347423] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1117.358272] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1117.369892] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1117.383727] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1117.394221] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x10000000000000}, 0x1c) [ 1117.410382] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1117.419468] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1117.434442] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1117.445638] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1117.459180] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1117.466872] Interruptibility = 00000000 ActivityState = 00000000 [ 1117.481370] Interruptibility = 00000000 ActivityState = 00000000 [ 1117.488914] *** Host State *** [ 1117.500042] RIP = 0xffffffff812047de RSP = 0xffff88817bb1f390 [ 1117.508764] *** Host State *** [ 1117.516795] RIP = 0xffffffff812047de RSP = 0xffff88817a25f390 [ 1117.524209] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1117.536587] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1117.546829] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1117.558244] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 16:54:22 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x10000000000}, 0x1c) [ 1117.568816] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1117.586085] CR0=0000000080050033 CR3=00000001ce9bf000 CR4=00000000001426e0 [ 1117.605010] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1117.613013] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1117.631854] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1117.642669] CR0=0000000080050033 CR3=00000001c3db5000 CR4=00000000001426f0 [ 1117.654955] *** Control State *** [ 1117.656485] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1117.665788] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1117.673161] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1117.690600] *** Control State *** [ 1117.694148] EntryControls=0000d1ff ExitControls=002fefff [ 1117.701114] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1117.708422] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1117.733244] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1117.736808] EntryControls=0000d1ff ExitControls=002fefff [ 1117.746308] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1117.753823] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1117.757825] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1117.765491] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1117.771873] reason=80000021 qualification=0000000000000000 [ 1117.774228] reason=80000021 qualification=0000000000000000 [ 1117.787230] IDTVectoring: info=00000000 errcode=00000000 [ 1117.793176] IDTVectoring: info=00000000 errcode=00000000 [ 1117.793341] TSC Offset = 0xfffffda7c9800149 [ 1117.803861] EPT pointer = 0x00000001d2ada01e [ 1117.807954] TSC Offset = 0xfffffda7caf68be3 [ 1117.820933] EPT pointer = 0x000000017d9fa01e 16:54:23 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:23 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x7000000}, 0x1c) [ 1118.139451] IPVS: ftp: loaded support on port[0] = 21 16:54:24 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:24 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:24 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf4010000}, 0x1c) 16:54:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:24 executing program 0: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, 0x0, 0x8) clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) ioctl$sock_proto_private(0xffffffffffffffff, 0x89e2, &(0x7f0000000340)="d22b7af09095171042739897b97e7d52d8a73b2e87820261e8a3af3b7852a6d628e94f8a6fd7707fdac4cf224e062046ca0bbc5215517a0987041df40346fc02808db3d4e8f087e57bd0d587374ed3") socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0x0, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1119.983309] *** Guest State *** [ 1119.986772] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1119.996233] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1120.007106] CR3 = 0x0000000000000000 [ 1120.015993] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1120.023561] IPVS: ftp: loaded support on port[0] = 21 16:54:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfffffdef}, 0x1c) [ 1120.030731] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:54:25 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1120.055278] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1120.076854] IPVS: ftp: loaded support on port[0] = 21 [ 1120.078190] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1120.150545] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1120.182216] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf0ffffffffffff}, 0x1c) [ 1120.230555] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1120.249785] *** Guest State *** [ 1120.264811] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1120.277390] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1120.296824] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1120.300551] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1120.334292] CR3 = 0x0000000000000000 [ 1120.335048] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1120.346766] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1120.351115] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1120.361355] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1120.371209] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x8}, 0x1c) [ 1120.379130] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1120.379781] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1120.406016] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1120.415937] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1120.424201] Interruptibility = 00000000 ActivityState = 00000000 [ 1120.442057] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1120.458511] *** Host State *** [ 1120.466515] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1120.475868] RIP = 0xffffffff812047de RSP = 0xffff888181927390 16:54:25 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x11000000}, 0x1c) [ 1120.485058] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1120.496091] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1120.504412] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1120.524381] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1120.535448] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1120.552867] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1120.566792] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1120.567528] CR0=0000000080050033 CR3=00000001ba2c6000 CR4=00000000001426f0 [ 1120.583864] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1120.588972] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1120.591113] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1120.606184] *** Control State *** [ 1120.606261] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1120.620991] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1120.624587] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1120.639288] EntryControls=0000d1ff ExitControls=002fefff [ 1120.645153] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1120.653201] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1120.653226] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1120.653237] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1120.653246] reason=80000021 qualification=0000000000000000 [ 1120.653255] IDTVectoring: info=00000000 errcode=00000000 [ 1120.653262] TSC Offset = 0xfffffda626540055 [ 1120.653272] EPT pointer = 0x00000001ce3d701e [ 1120.667614] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1120.686553] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1120.702073] Interruptibility = 00000000 ActivityState = 00000000 [ 1120.715991] *** Host State *** [ 1120.719491] RIP = 0xffffffff812047de RSP = 0xffff88817fe4f390 [ 1120.731209] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1120.737858] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1120.746000] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1120.752333] CR0=0000000080050033 CR3=00000001a844c000 CR4=00000000001426e0 [ 1120.759671] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1120.766568] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1120.784722] *** Control State *** [ 1120.794070] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1120.808188] EntryControls=0000d1ff ExitControls=002fefff [ 1120.813794] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1120.821164] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1120.827965] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1120.834978] reason=80000021 qualification=0000000000000000 [ 1120.841720] IDTVectoring: info=00000000 errcode=00000000 [ 1120.847303] TSC Offset = 0xfffffda6041226d2 [ 1120.852083] EPT pointer = 0x00000001c299001e [ 1120.908717] *** Guest State *** [ 1120.912011] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1120.928300] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1120.937476] CR3 = 0x0000000000000000 [ 1120.941831] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1120.948348] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1120.954638] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1120.961923] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1120.972518] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1120.981997] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1120.990473] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1120.999009] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1121.007198] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1121.015702] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1121.024189] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1121.032771] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1121.041272] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1121.049741] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1121.056383] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1121.064459] Interruptibility = 00000000 ActivityState = 00000000 [ 1121.071255] *** Host State *** [ 1121.074690] RIP = 0xffffffff812047de RSP = 0xffff8881b50c7390 [ 1121.081268] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1121.098830] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 16:54:26 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x0) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:26 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x7ffffffff000}, 0x1c) [ 1121.111662] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1121.133146] CR0=0000000080050033 CR3=00000001a844c000 CR4=00000000001426f0 [ 1121.155947] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1121.172818] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1121.179578] *** Control State *** [ 1121.183262] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1121.190491] EntryControls=0000d1ff ExitControls=002fefff [ 1121.196180] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1121.208282] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1121.215152] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1121.226384] reason=80000021 qualification=0000000000000000 [ 1121.237724] IPVS: ftp: loaded support on port[0] = 21 [ 1121.243033] IDTVectoring: info=00000000 errcode=00000000 [ 1121.257647] TSC Offset = 0xfffffda6041226d2 [ 1121.269259] EPT pointer = 0x00000001c299001e 16:54:27 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x0, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:27 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3e8}, 0x1c) 16:54:28 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x0, 0x100, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:28 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() clone(0x2040000003, &(0x7f0000000200), 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732d7b4f6") ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x8000000000000014) socket$inet6(0xa, 0x0, 0x3) sync() wait4(0x0, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) 16:54:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x7ffffff7}, 0x1c) [ 1123.087637] IPVS: ftp: loaded support on port[0] = 21 [ 1123.090536] *** Guest State *** [ 1123.103860] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1123.129044] *** Guest State *** [ 1123.134551] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1123.138257] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1123.147055] IPVS: ftp: loaded support on port[0] = 21 [ 1123.158410] CR3 = 0x0000000000000000 [ 1123.162193] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1123.188956] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1123.198360] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1123.217153] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:54:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x30}, 0x1c) [ 1123.258584] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.266570] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.266590] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.266607] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.290918] CR3 = 0x0000000000000000 [ 1123.306409] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1123.325893] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1123.347208] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:54:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x600000000000000}, 0x1c) [ 1123.357299] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1123.366084] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.374794] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1123.389125] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1123.424848] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1123.441257] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1123.456539] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1123.470593] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1123.480592] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1123.490175] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1123.505393] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1123.513943] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xa000000}, 0x1c) [ 1123.528396] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1123.538893] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1123.556979] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1123.568704] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1123.580315] Interruptibility = 00000000 ActivityState = 00000000 [ 1123.592026] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1123.592046] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1123.610720] *** Host State *** [ 1123.616466] RIP = 0xffffffff812047de RSP = 0xffff888179047390 [ 1123.626370] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1123.635458] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1123.643724] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1123.652874] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1123.661334] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1123.667501] Interruptibility = 00000000 ActivityState = 00000000 16:54:28 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf5ffffff00000000}, 0x1c) [ 1123.682119] CR0=0000000080050033 CR3=00000001d2a59000 CR4=00000000001426f0 [ 1123.690752] *** Host State *** [ 1123.702196] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1123.713799] RIP = 0xffffffff812047de RSP = 0xffff888189bdf390 [ 1123.729033] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1123.739219] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1123.746493] *** Control State *** [ 1123.750540] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1123.757532] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1123.765955] EntryControls=0000d1ff ExitControls=002fefff [ 1123.772949] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1123.779397] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1123.786679] CR0=0000000080050033 CR3=00000001b4b1e000 CR4=00000000001426e0 [ 1123.799124] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1123.809565] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1123.817352] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1123.826841] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1123.835433] reason=80000021 qualification=0000000000000000 [ 1123.843922] *** Control State *** [ 1123.847854] IDTVectoring: info=00000000 errcode=00000000 [ 1123.853836] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1123.861018] TSC Offset = 0xfffffda47e4aed35 [ 1123.865548] EPT pointer = 0x00000001b407301e [ 1123.871527] EntryControls=0000d1ff ExitControls=002fefff [ 1123.881906] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1123.901027] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1123.915018] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1123.931171] reason=80000021 qualification=0000000000000000 [ 1123.939301] IDTVectoring: info=00000000 errcode=00000000 [ 1123.944977] TSC Offset = 0xfffffda47d775bf8 [ 1123.949755] EPT pointer = 0x0000000182e1c01e 16:54:29 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x0) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:29 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xffffff8d}, 0x1c) [ 1124.280948] IPVS: ftp: loaded support on port[0] = 21 16:54:31 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:31 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x0, 0x3, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1800000000000000}, 0x1c) 16:54:31 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(0x0, 0x0, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x40030000000000}, 0x1c) [ 1126.216781] *** Guest State *** [ 1126.239641] *** Guest State *** [ 1126.246418] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1126.269830] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1126.276904] IPVS: ftp: loaded support on port[0] = 21 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x100000000000000}, 0x1c) [ 1126.335706] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1126.348210] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1126.389602] CR3 = 0x0000000000000000 [ 1126.409969] CR3 = 0x0000000000000000 [ 1126.422319] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1126.439674] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1126.467812] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1126.478237] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1126.484954] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1126.503165] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf0}, 0x1c) [ 1126.536654] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1126.564945] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.582475] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1126.612030] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.644438] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1126.668388] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.676413] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.696222] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x2000}, 0x1c) [ 1126.729064] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1126.738416] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.787193] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1126.795478] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.822733] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1126.831283] GDTR: limit=0x00003000, base=0x0000000000003000 16:54:31 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfffff000}, 0x1c) [ 1126.863869] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000000000 [ 1126.872128] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1126.900318] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1126.909855] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1126.958158] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1126.966206] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1126.978797] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1126.993843] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1127.008315] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1127.013024] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1127.031967] Interruptibility = 00000000 ActivityState = 00000000 [ 1127.041672] Interruptibility = 00000000 ActivityState = 00000000 [ 1127.049627] *** Host State *** [ 1127.059720] *** Host State *** [ 1127.063946] RIP = 0xffffffff812047de RSP = 0xffff888183867390 [ 1127.069940] RIP = 0xffffffff812047de RSP = 0xffff8881beccf390 [ 1127.069965] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1127.069978] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1127.069991] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1127.070006] CR0=0000000080050033 CR3=00000001b5498000 CR4=00000000001426e0 [ 1127.070082] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1127.070095] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1127.070100] *** Control State *** [ 1127.070110] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1127.070117] EntryControls=0000d1ff ExitControls=002fefff [ 1127.070132] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1127.099310] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1127.164839] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1127.179763] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1127.194517] reason=80000021 qualification=0000000000000000 [ 1127.201064] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1127.207873] IDTVectoring: info=00000000 errcode=00000000 [ 1127.215677] TSC Offset = 0xfffffda2d4d3b943 [ 1127.218220] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1127.226080] CR0=0000000080050033 CR3=00000001c2b9d000 CR4=00000000001426f0 [ 1127.226260] EPT pointer = 0x00000001beca601e 16:54:32 executing program 5: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x0) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:32 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3f000000}, 0x1c) [ 1127.258159] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1127.264884] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1127.293032] *** Control State *** [ 1127.296534] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1127.325260] EntryControls=0000d1ff ExitControls=002fefff [ 1127.337971] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1127.378200] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1127.386265] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1127.401204] reason=80000021 qualification=0000000000000000 [ 1127.415910] IDTVectoring: info=00000000 errcode=00000000 [ 1127.425306] IPVS: ftp: loaded support on port[0] = 21 [ 1127.437455] TSC Offset = 0xfffffda2d41c50ff [ 1127.452419] EPT pointer = 0x00000001b3d9d01e 16:54:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:34 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x0, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:54:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf0ffff}, 0x1c) 16:54:34 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:34 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x0, 0x9, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xa00}, 0x1c) [ 1129.345283] *** Guest State *** [ 1129.350522] *** Guest State *** [ 1129.353838] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1129.408928] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1129.426669] IPVS: ftp: loaded support on port[0] = 21 16:54:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x34000}, 0x1c) [ 1129.522041] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1129.531694] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1129.582950] CR3 = 0x0000000000000000 [ 1129.601101] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1129.607556] CR3 = 0x0000000000000000 [ 1129.621469] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1129.628835] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1129.665104] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1129.676707] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:54:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x18000000}, 0x1c) [ 1129.713782] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1129.722671] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1129.760553] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1129.774514] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1129.807354] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1129.819236] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1129.856243] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1129.864752] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:34 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x4000000}, 0x1c) [ 1129.900871] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1129.910345] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1129.960796] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1129.970172] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1130.006554] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1130.016077] GDTR: limit=0x00003000, base=0x0000000000003000 16:54:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfe800000}, 0x1c) [ 1130.078373] LDTR: sel=0x000f, attr=0x0a082, limit=0x00000000, base=0x0000000000000000 [ 1130.086408] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1130.102917] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1130.122018] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1130.141035] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1130.160779] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1130.168131] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1130.178545] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1130.186004] Interruptibility = 00000000 ActivityState = 00000000 [ 1130.198796] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1130.235112] *** Host State *** [ 1130.238630] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1130.245048] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1130.254537] RIP = 0xffffffff812047de RSP = 0xffff88818957f390 [ 1130.268146] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1130.278446] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1130.286259] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1130.298272] Interruptibility = 00000000 ActivityState = 00000000 [ 1130.305867] *** Host State *** [ 1130.308133] CR0=0000000080050033 CR3=00000001be427000 CR4=00000000001426e0 [ 1130.312877] RIP = 0xffffffff812047de RSP = 0xffff888180907390 [ 1130.316246] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1130.332653] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1130.347673] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1130.348127] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1130.366112] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1130.378457] CR0=0000000080050033 CR3=00000001cb4b7000 CR4=00000000001426e0 [ 1130.393985] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1130.397768] *** Control State *** [ 1130.408931] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1130.418446] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1130.423316] *** Control State *** [ 1130.425113] EntryControls=0000d1ff ExitControls=002fefff [ 1130.425123] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:54:35 executing program 5: r0 = socket(0x11, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r1, &(0x7f0000007e00), 0x400000000000058, 0x0) 16:54:35 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x0, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1130.425128] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1130.425133] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1130.425138] reason=80000021 qualification=0000000000000000 [ 1130.425143] IDTVectoring: info=00000000 errcode=00000000 [ 1130.425147] TSC Offset = 0xfffffda127b94cd6 [ 1130.425152] EPT pointer = 0x00000001a866301e [ 1130.498827] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1130.588387] EntryControls=0000d1ff ExitControls=002fefff [ 1130.593891] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 16:54:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3000}, 0x1c) 16:54:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1130.638399] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1130.645124] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1130.725841] reason=80000021 qualification=0000000000000000 16:54:35 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x700}, 0x1c) [ 1130.769137] IDTVectoring: info=00000000 errcode=00000000 [ 1130.805383] TSC Offset = 0xfffffda128b93049 [ 1130.840300] EPT pointer = 0x00000001bc0ba01e [ 1130.927822] *** Guest State *** [ 1130.953669] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1131.046467] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1131.108515] CR3 = 0x0000000000000000 [ 1131.112276] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1131.118433] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1131.124524] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1131.132303] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140388] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140409] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140426] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140446] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140465] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.140478] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1131.140497] LDTR: sel=0x0000, attr=0x0a082, limit=0x00000000, base=0x0000000000000000 [ 1131.140511] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1131.140529] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1131.181405] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1131.219294] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1131.232695] Interruptibility = 00000000 ActivityState = 00000000 [ 1131.257489] *** Host State *** [ 1131.260869] RIP = 0xffffffff812047de RSP = 0xffff8881845f7390 [ 1131.266877] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1131.281288] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1131.289247] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1131.295143] CR0=0000000080050033 CR3=00000001bfc47000 CR4=00000000001426e0 [ 1131.318217] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1131.334501] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1131.341463] *** Control State *** [ 1131.344981] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1131.351800] EntryControls=0000d1ff ExitControls=002fefff [ 1131.357310] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1131.365235] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1131.373014] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1131.380087] reason=80000021 qualification=0000000000000000 [ 1131.386449] IDTVectoring: info=00000000 errcode=00000000 [ 1131.392052] TSC Offset = 0xfffffda054cc52df [ 1131.396430] EPT pointer = 0x00000001c01b101e 16:54:37 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1f4}, 0x1c) 16:54:37 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x0, 0x4, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:37 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r2, &(0x7f0000007e00), 0x400000000000058, 0x0) 16:54:37 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(0x0, 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f0000000100)) 16:54:37 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5}) ioctl$TIOCEXCL(r3, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1132.424834] *** Guest State *** [ 1132.433288] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1132.453205] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:37 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xeffdffff00000000}, 0x1c) [ 1132.475098] CR3 = 0x0000000000000000 [ 1132.485152] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1132.496655] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1132.550540] *** Guest State *** [ 1132.553888] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1132.593730] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1132.634865] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1132.670598] IPVS: ftp: loaded support on port[0] = 21 [ 1132.677275] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:37 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3000000000000000}, 0x1c) [ 1132.709823] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1132.745369] CR3 = 0x0000000000000000 [ 1132.777411] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1132.798323] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1132.804401] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1132.835493] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1132.848749] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1132.855500] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1132.875551] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 16:54:37 executing program 5: r0 = socket(0x11, 0x2, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r4, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000100)) 16:54:37 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x2000000000000000}, 0x1c) [ 1132.902384] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1132.913103] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1132.961002] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1132.975125] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1133.038689] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1133.056087] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1133.100609] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1133.120743] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1133.139871] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 16:54:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfeffffff00000000}, 0x1c) [ 1133.159342] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1133.200967] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1133.217021] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1133.218649] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1133.238348] Interruptibility = 00000000 ActivityState = 00000000 [ 1133.260343] *** Host State *** [ 1133.277644] RIP = 0xffffffff812047de RSP = 0xffff888183d87390 [ 1133.298380] LDTR: sel=0x0000, attr=0x0a080, limit=0x00000000, base=0x0000000000000000 16:54:38 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r2, &(0x7f0000007e00), 0x400000000000058, 0x0) [ 1133.323546] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1133.338423] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 16:54:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x6000000}, 0x1c) [ 1133.370508] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1133.386657] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1133.441951] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1133.468539] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1133.477325] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1133.497428] CR0=0000000080050033 CR3=00000001b7907000 CR4=00000000001426e0 [ 1133.505938] Interruptibility = 00000000 ActivityState = 00000000 [ 1133.529803] *** Host State *** [ 1133.533200] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1133.550682] RIP = 0xffffffff812047de RSP = 0xffff88817a34f390 [ 1133.567961] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1133.582270] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1133.608170] *** Control State *** [ 1133.633862] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1133.644224] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1133.667033] EntryControls=0000d1ff ExitControls=002fefff [ 1133.673929] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1133.688172] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1133.696520] CR0=0000000080050033 CR3=000000017cbad000 CR4=00000000001426e0 [ 1133.711719] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1133.722222] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1133.743106] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1133.753436] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1133.775845] reason=80000021 qualification=0000000000000000 [ 1133.782795] *** Control State *** [ 1133.791132] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1133.801554] IDTVectoring: info=00000000 errcode=00000000 [ 1133.813049] EntryControls=0000d1ff ExitControls=002fefff [ 1133.821062] TSC Offset = 0xfffffd9f8118a330 [ 1133.831418] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1133.838837] EPT pointer = 0x00000001d0e1001e [ 1133.864238] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1133.889956] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1133.917499] reason=80000021 qualification=0000000000000000 [ 1133.966465] IDTVectoring: info=00000000 errcode=00000000 [ 1133.993877] TSC Offset = 0xfffffd9f813a8126 16:54:38 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x0, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:38 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe00000000000000}, 0x1c) 16:54:39 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfeffffff}, 0x1c) [ 1134.017486] EPT pointer = 0x00000001c29a701e 16:54:40 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x0, 0x2000000000000, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:40 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3}, 0x1c) 16:54:40 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r2, &(0x7f0000007e00), 0x400000000000058, 0x0) 16:54:40 executing program 5: r0 = socket(0x11, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1135.494794] *** Guest State *** [ 1135.500532] *** Guest State *** [ 1135.506344] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1135.516865] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1135.536358] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x10}, 0x1c) [ 1135.585636] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1135.623926] CR3 = 0x0000000000000000 [ 1135.638350] IPVS: ftp: loaded support on port[0] = 21 [ 1135.643731] CR3 = 0x0000000000000000 [ 1135.648776] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1135.659632] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1135.677698] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1135.693320] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1135.712926] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1135.728781] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1135.751741] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1135.764650] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1135.788623] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1135.812197] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1135.820799] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1135.829355] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1135.851988] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1135.867323] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1135.897836] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 16:54:40 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe8030000}, 0x1c) [ 1135.914576] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1135.971447] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1135.995597] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1136.033432] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1136.064501] GDTR: limit=0x00003000, base=0x0000000000003000 16:54:41 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3f00}, 0x1c) [ 1136.084665] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1136.097264] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1136.115214] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1136.125414] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1136.153170] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1136.173118] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1136.196502] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1136.218841] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1136.255274] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:54:41 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x6}, 0x1c) [ 1136.269307] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1136.291407] Interruptibility = 00000000 ActivityState = 00000000 [ 1136.305074] Interruptibility = 00000000 ActivityState = 00000000 [ 1136.339956] *** Host State *** [ 1136.343202] RIP = 0xffffffff812047de RSP = 0xffff88817a287390 [ 1136.348309] *** Host State *** [ 1136.349252] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1136.355425] RIP = 0xffffffff812047de RSP = 0xffff88817b647390 [ 1136.358864] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1136.358900] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1136.358916] CR0=0000000080050033 CR3=00000001c016b000 CR4=00000000001426e0 [ 1136.358947] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1136.358959] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1136.358964] *** Control State *** [ 1136.358974] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1136.358981] EntryControls=0000d1ff ExitControls=002fefff [ 1136.358995] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1136.359022] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1136.359035] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:54:41 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x9}, 0x1c) [ 1136.376956] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1136.378778] reason=80000021 qualification=0000000000000000 [ 1136.378802] IDTVectoring: info=00000000 errcode=00000000 [ 1136.378810] TSC Offset = 0xfffffd9dd990d94d [ 1136.378820] EPT pointer = 0x00000001bdea001e [ 1136.441590] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1136.454975] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1136.475943] CR0=0000000080050033 CR3=00000001bd1b1000 CR4=00000000001426e0 [ 1136.484386] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1136.491209] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1136.497293] *** Control State *** 16:54:41 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind(0xffffffffffffffff, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000100)) 16:54:41 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) [ 1136.548261] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1136.554956] EntryControls=0000d1ff ExitControls=002fefff [ 1136.576257] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1136.620378] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1136.668284] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1136.679553] reason=80000021 qualification=0000000000000000 [ 1136.700954] IDTVectoring: info=00000000 errcode=00000000 [ 1136.714163] *** Guest State *** [ 1136.722220] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1136.736023] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1136.749332] TSC Offset = 0xfffffd9ddc98192c [ 1136.753695] EPT pointer = 0x000000017f04301e [ 1136.754745] CR3 = 0x0000000000000000 [ 1136.764063] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1136.773895] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1136.787101] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1136.797541] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1136.819218] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1136.833790] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1136.842848] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 16:54:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1136.870396] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1136.922029] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1136.949855] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1136.977276] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1137.014023] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1137.033286] *** Guest State *** [ 1137.041484] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1137.050055] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1137.068552] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1137.076429] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1137.086768] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1137.094324] Interruptibility = 00000000 ActivityState = 00000000 [ 1137.100732] *** Host State *** [ 1137.103952] RIP = 0xffffffff812047de RSP = 0xffff8881be61f390 [ 1137.105456] CR3 = 0x0000000000000000 [ 1137.110028] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1137.110042] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1137.110069] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1137.110084] CR0=0000000080050033 CR3=00000001bce29000 CR4=00000000001426e0 [ 1137.141266] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1137.141276] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1137.141289] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1137.147249] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1137.147265] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1137.147279] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.147300] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.147320] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.147351] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.164769] *** Control State *** [ 1137.167055] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.186024] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1137.215237] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.238198] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1137.244327] EntryControls=0000d1ff ExitControls=002fefff [ 1137.252332] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1137.258142] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.267258] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1137.269839] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1137.282585] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1137.296700] reason=80000021 qualification=0000000000000000 [ 1137.303639] IDTVectoring: info=00000000 errcode=00000000 [ 1137.309719] TSC Offset = 0xfffffd9d30a717bd [ 1137.314311] EPT pointer = 0x00000001b55eb01e [ 1137.318138] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1137.326699] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1137.333307] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1137.340858] Interruptibility = 00000000 ActivityState = 00000000 [ 1137.347101] *** Host State *** [ 1137.350377] RIP = 0xffffffff812047de RSP = 0xffff88817b647390 [ 1137.356379] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1137.362849] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1137.370685] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1137.376574] CR0=0000000080050033 CR3=00000001a8458000 CR4=00000000001426e0 [ 1137.384575] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1137.391373] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1137.397452] *** Control State *** [ 1137.400980] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1137.407668] EntryControls=0000d1ff ExitControls=002fefff [ 1137.413331] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1137.420534] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1137.427791] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1137.428385] *** Guest State *** [ 1137.434594] reason=80000021 qualification=0000000000000000 [ 1137.440246] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1137.444225] IDTVectoring: info=00000000 errcode=00000000 [ 1137.461084] TSC Offset = 0xfffffd9d07891a59 [ 1137.465504] EPT pointer = 0x00000001c177e01e [ 1137.470227] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1137.479224] CR3 = 0x0000000000000000 [ 1137.482981] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1137.482997] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1137.517956] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1137.545299] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1137.558185] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1137.566217] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1137.574356] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1137.582520] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1137.590665] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1137.598791] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1137.606812] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1137.614946] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1137.623379] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1137.632455] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1137.639093] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1137.646583] Interruptibility = 00000000 ActivityState = 00000000 [ 1137.653058] *** Host State *** [ 1137.656308] RIP = 0xffffffff812047de RSP = 0xffff88817a287390 [ 1137.662536] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1137.669107] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1137.676950] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1137.682991] CR0=0000000080050033 CR3=00000001bce29000 CR4=00000000001426e0 [ 1137.690188] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1137.696894] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1137.703089] *** Control State *** [ 1137.706587] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1137.713467] EntryControls=0000d1ff ExitControls=002fefff [ 1137.719087] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1137.726056] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1137.732856] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1137.739557] reason=80000021 qualification=0000000000000000 [ 1137.745911] IDTVectoring: info=00000000 errcode=00000000 [ 1137.751529] TSC Offset = 0xfffffd9d30a717bd [ 1137.755888] EPT pointer = 0x00000001b55eb01e 16:54:43 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:43 executing program 0: socket(0x11, 0x2, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000100)) 16:54:43 executing program 5: r0 = socket(0x11, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000100)) 16:54:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe000000}, 0x1c) 16:54:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:43 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4}, {0x100000, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x900}, 0x1c) [ 1138.582220] *** Guest State *** [ 1138.588316] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1138.599810] *** Guest State *** [ 1138.606398] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1138.618178] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1138.667644] IPVS: ftp: loaded support on port[0] = 21 [ 1138.674284] CR3 = 0x0000000000000000 [ 1138.691411] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1138.750126] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1138.755732] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1138.802790] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1138.821170] CR3 = 0x0000000000000000 [ 1138.844620] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1138.873931] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 16:54:43 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe00}, 0x1c) [ 1138.900236] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1138.963376] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1138.973537] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1139.021880] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.042527] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000100000 [ 1139.082915] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.095694] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1139.115683] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.127089] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1139.144699] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.171553] GS: sel=0x000d, attr=0x04011, limit=0x00015000, base=0x0000000000000000 16:54:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfffffff5}, 0x1c) [ 1139.195204] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.210752] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1139.246349] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.258773] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1139.275994] GDTR: limit=0x00003000, base=0x0000000000003000 16:54:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x5000000}, 0x1c) [ 1139.291076] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1139.309708] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.378662] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1139.396576] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1139.413306] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1139.434774] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1139.447049] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1139.468351] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1139.477459] Interruptibility = 00000000 ActivityState = 00000000 16:54:44 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x9000000}, 0x1c) [ 1139.485049] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1139.506172] *** Host State *** [ 1139.518878] RIP = 0xffffffff812047de RSP = 0xffff88818014f390 [ 1139.528163] Interruptibility = 00000000 ActivityState = 00000000 [ 1139.534416] *** Host State *** [ 1139.534430] RIP = 0xffffffff812047de RSP = 0xffff88817b647390 [ 1139.534453] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1139.534468] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1139.550312] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1139.550329] CR0=0000000080050033 CR3=00000001ce360000 CR4=00000000001426f0 [ 1139.550356] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 16:54:44 executing program 5: r0 = memfd_create(&(0x7f00000000c0)="d057ca", 0x1) fallocate(r0, 0x0, 0x2000427, 0x40) write(r0, &(0x7f0000002000)='/', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) [ 1139.579963] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1139.586407] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1139.612771] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1139.619333] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1139.630102] CR0=0000000080050033 CR3=00000001aaf8c000 CR4=00000000001426f0 [ 1139.641303] *** Control State *** [ 1139.644791] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1139.663525] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1139.682009] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1139.688507] EntryControls=0000d1ff ExitControls=002fefff [ 1139.700458] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1139.718274] *** Control State *** [ 1139.723074] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1139.733374] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1139.743729] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1139.755156] EntryControls=0000d1ff ExitControls=002fefff [ 1139.764221] reason=80000021 qualification=0000000000000000 [ 1139.773072] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1139.784757] IDTVectoring: info=00000000 errcode=00000000 [ 1139.790548] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1139.797240] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1139.797246] TSC Offset = 0xfffffd9c314c8afe [ 1139.797257] EPT pointer = 0x0000000187f2e01e [ 1139.835819] reason=80000021 qualification=0000000000000000 [ 1139.856491] IDTVectoring: info=00000000 errcode=00000000 [ 1139.888233] TSC Offset = 0xfffffd9c334f3b0a [ 1139.892848] EPT pointer = 0x00000001d27ac01e 16:54:46 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xffffffff00000000}, 0x1c) 16:54:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:46 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sched_setaffinity(0x0, 0x7, &(0x7f0000000240)=0x8000009) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000300)={0x0, 0x0, {0x52, 0x0, 0x2, {0x3}, {0x2, 0x5}, @ramp={0x0, 0xd9, {0x0, 0xa8e, 0x7}}}, {0x53, 0x0, 0xe23, {}, {0xb68, 0xa17}, @const={0x1, {0x6, 0xad6d, 0x0, 0x1}}}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='sit0\x00', 0x8b) sendto$inet(r1, &(0x7f0000000100), 0x0, 0x404c0c0, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000380)={0x0, 0x0, 0x2ffd}, 0x4) sendto$inet(r1, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) 16:54:46 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:46 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@broute={"62726f75746500888802004c11007a6c000700007a000200", 0x20, 0x2, 0x210, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'vlan0\x00', 'vcan0\x00', 'yam0\x00', 'erspan0\x00', @link_local, [], @empty, [], 0x70, 0x70, 0xa0}}, @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x1, [{{{0x3, 0x0, 0x0, 'bond_slave_1\x00', 'ip6gretap0\x00', 'bond_slave_1\x00', 'veth0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe0, [@connbytes={'connbytes\x00', 0x18}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}]}, 0x288) 16:54:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf5ffffff}, 0x1c) [ 1141.587187] *** Guest State *** [ 1141.593359] xt_connbytes: cannot load conntrack support for proto=7 [ 1141.599848] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1141.599895] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1141.599918] CR3 = 0x0000000000000000 [ 1141.599926] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1141.599953] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1141.599975] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1141.627450] *** Guest State *** [ 1141.656790] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1141.659500] IPVS: ftp: loaded support on port[0] = 21 [ 1141.670916] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1141.670938] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:54:46 executing program 0: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, "6e72300010000000000000001d00", 0x2}, 0x18) ioctl(r0, 0x8936, &(0x7f0000000000)) 16:54:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x600}, 0x1c) [ 1141.670957] SS: sel=0x0000, attr=0x07003, limit=0x00003000, base=0x0000000000000000 [ 1141.670975] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1141.670992] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1141.679054] xt_connbytes: Forcing CT accounting to be enabled [ 1141.703618] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 16:54:46 executing program 5: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x2d000) [ 1141.780442] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1141.811209] CR3 = 0x0000000000000000 [ 1141.815117] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1141.828935] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1141.837725] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1141.859287] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1141.867317] IDTR: limit=0x00000001, base=0x0000000000105000 16:54:46 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x4000000000000000}, 0x1c) 16:54:46 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r0 = syz_open_dev$video4linux(&(0x7f00000004c0)='/dev/v4l-subdev#\x00', 0x6, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000500)={0x0, 0x0, 0x9, 0x100}) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq(&(0x7f0000000440), 0x20, 0x0, 0x0) seccomp(0x1, 0x2, &(0x7f0000007ff0)={0x1, &(0x7f0000004fe8)=[{0x6, 0x0, 0x0, 0x50000}]}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'team_slave_0\x00'}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000200)="0fc7f43e650f01c80f060fae8600000f01eeba410066ed66b9b70900000f320fc76cf6b876028ed8b84e0c8ed0"}], 0x0, 0x0, &(0x7f00000001c0), 0x100000000000023e) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc-cast6-avx)\x00'}, 0x58) r2 = accept$alg(0xffffffffffffffff, 0x0, 0x0) read(r2, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0) io_setup(0x0, 0x0) io_submit(0x0, 0x12f, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000001000)}]) [ 1141.878483] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1141.885201] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1141.948459] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1141.962452] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1141.980263] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1141.999687] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.021980] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1142.031034] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.040304] Interruptibility = 00000000 ActivityState = 00000000 [ 1142.046746] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.054990] *** Host State *** [ 1142.058940] RIP = 0xffffffff812047de RSP = 0xffff88817f987390 [ 1142.065171] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.080522] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1142.094483] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1142.107530] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1142.137537] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.153885] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1142.166973] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1142.179059] CR0=0000000080050033 CR3=00000001d9691000 CR4=00000000001426e0 [ 1142.203501] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1142.212275] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1142.236495] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1142.247611] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1142.261208] *** Control State *** [ 1142.269546] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1142.281868] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1142.301532] Interruptibility = 00000000 ActivityState = 00000000 [ 1142.308025] EntryControls=0000d1ff ExitControls=002fefff [ 1142.328374] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1142.337580] *** Host State *** [ 1142.357745] RIP = 0xffffffff812047de RSP = 0xffff888183d87390 [ 1142.373265] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1142.387584] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1142.400500] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1142.409667] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1142.422798] reason=80000021 qualification=0000000000000000 [ 1142.435734] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1142.447096] IDTVectoring: info=00000000 errcode=00000000 [ 1142.456248] CR0=0000000080050033 CR3=00000001d7fcc000 CR4=00000000001426e0 [ 1142.467126] TSC Offset = 0xfffffd9a97efb2ec [ 1142.477568] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1142.486061] EPT pointer = 0x00000001a95ca01e [ 1142.494406] audit: type=1326 audit(1543769687.486:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0x50000 [ 1142.528640] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1142.551052] *** Control State *** [ 1142.566145] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1142.593532] audit: type=1326 audit(1543769687.486:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.624855] EntryControls=0000d1ff ExitControls=002fefff [ 1142.633284] audit: type=1326 audit(1543769687.496:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.657485] audit: type=1326 audit(1543769687.496:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.670957] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1142.681672] audit: type=1326 audit(1543769687.496:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.712753] audit: type=1326 audit(1543769687.506:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.721099] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1142.737096] audit: type=1326 audit(1543769687.506:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.768307] audit: type=1326 audit(1543769687.516:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x457569 code=0x50000 [ 1142.791493] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1142.800459] audit: type=1326 audit(1543769687.516:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0x50000 [ 1142.807130] reason=80000021 qualification=0000000000000000 [ 1142.824761] audit: type=1326 audit(1543769687.526:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=8391 comm="syz-executor0" exe="/root/syz-executor0" sig=0 arch=c000003e syscall=16 compat=0 ip=0x457569 code=0x50000 [ 1142.858439] IDTVectoring: info=00000000 errcode=00000000 [ 1142.863917] TSC Offset = 0xfffffd9a9748e171 [ 1142.873924] EPT pointer = 0x00000001d919001e 16:54:49 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:49 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, 0x0, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$netlink(r2, &(0x7f0000000000)=@unspec, 0xc) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) read(r1, &(0x7f0000000180)=""/76, 0x4c) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) 16:54:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1000000000000000}, 0x1c) 16:54:49 executing program 0: 16:54:49 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x0, 0x0, 0x2, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:49 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf7ffff7f}, 0x1c) 16:54:49 executing program 0: [ 1144.645250] *** Guest State *** [ 1144.650798] *** Guest State *** [ 1144.654107] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1144.672705] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1144.716532] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1144.717641] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1144.725743] IPVS: ftp: loaded support on port[0] = 21 16:54:49 executing program 0: [ 1144.768292] CR3 = 0x0000000000000000 [ 1144.772277] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1144.775389] CR3 = 0x0000000000000000 [ 1144.791527] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1144.824084] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1144.828202] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1144.838919] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1144.851416] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1144.857307] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1144.857479] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:54:49 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x200000000000000}, 0x1c) [ 1144.878295] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1144.886280] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1144.917786] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 16:54:49 executing program 0: [ 1144.943573] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1144.968450] SS: sel=0x0000, attr=0x07003, limit=0x00000000, base=0x0000000000100000 [ 1144.976593] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:50 executing program 0: [ 1144.993445] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1145.028492] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1145.036535] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1145.062361] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1145.078207] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1145.125561] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1145.134955] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:50 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1145.167028] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1145.176468] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1145.198325] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1145.215944] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1145.226986] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1145.249278] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1145.257320] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1145.268145] Interruptibility = 00000000 ActivityState = 00000000 [ 1145.272196] IPVS: ftp: loaded support on port[0] = 21 [ 1145.274386] *** Host State *** [ 1145.274401] RIP = 0xffffffff812047de RSP = 0xffff88817a2d7390 [ 1145.274426] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1145.274439] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1145.274453] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1145.298210] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1145.315762] CR0=0000000080050033 CR3=00000001bce29000 CR4=00000000001426e0 [ 1145.328215] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1145.335744] Interruptibility = 00000000 ActivityState = 00000000 [ 1145.335755] *** Host State *** [ 1145.368125] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1145.374824] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1145.404481] RIP = 0xffffffff812047de RSP = 0xffff88817f987390 [ 1145.418144] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1145.424672] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1145.438124] *** Control State *** [ 1145.441583] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1145.458266] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1145.464223] CR0=0000000080050033 CR3=00000001c2d47000 CR4=00000000001426f0 [ 1145.464238] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1145.488108] EntryControls=0000d1ff ExitControls=002fefff [ 1145.493572] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1145.526654] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1145.533065] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1145.541045] *** Control State *** [ 1145.544573] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1145.568530] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1145.575241] reason=80000021 qualification=0000000000000000 [ 1145.581712] EntryControls=0000d1ff ExitControls=002fefff [ 1145.587211] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1145.587222] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1145.587232] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1145.587245] reason=80000021 qualification=0000000000000000 16:54:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt(r0, 0x10e, 0xb, 0x0, 0x0) 16:54:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3f00000000000000}, 0x1c) 16:54:50 executing program 0: [ 1145.614892] IDTVectoring: info=00000000 errcode=00000000 [ 1145.628477] TSC Offset = 0xfffffd98f558cfb0 [ 1145.632806] EPT pointer = 0x00000001b508a01e [ 1145.688552] IDTVectoring: info=00000000 errcode=00000000 [ 1145.712089] TSC Offset = 0xfffffd98f653a44c [ 1145.748165] EPT pointer = 0x00000001c4d3501e 16:54:50 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:50 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_adj\x00') sendfile(r1, r1, 0x0, 0x1000) 16:54:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xa}, 0x1c) 16:54:50 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket$inet6_udplite(0xa, 0x2, 0x88) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply}}}}, &(0x7f0000000040)={0x1, 0x1}) [ 1145.852476] syz-executor0 (8481): /proc/8478/oom_adj is deprecated, please use /proc/8478/oom_score_adj instead. 16:54:50 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x800000000000000}, 0x1c) [ 1145.933283] *** Guest State *** [ 1145.936008] *** Guest State *** [ 1145.936612] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1145.949288] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:54:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x61) read(r0, &(0x7f00000001c0)=""/11, 0xb) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) 16:54:51 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket$inet6_udplite(0xa, 0x2, 0x88) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply}}}}, &(0x7f0000000040)={0x1, 0x1}) [ 1145.978431] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1145.988944] CR3 = 0x0000000000000000 [ 1145.992701] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1146.038416] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1146.039208] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1146.080016] CR3 = 0x0000000000000000 [ 1146.082518] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1146.091142] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1146.099771] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1146.102564] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1146.107941] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 [ 1146.125944] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1146.146225] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1146.158298] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1146.183176] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1146.191876] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1146.208946] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.219317] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1146.228684] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1146.235457] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.236795] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1146.253389] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1146.257553] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.262336] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1146.262362] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1146.262380] Interruptibility = 00000000 ActivityState = 00000000 [ 1146.262385] *** Host State *** [ 1146.262399] RIP = 0xffffffff812047de RSP = 0xffff88818238f390 [ 1146.262423] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1146.262437] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1146.262449] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1146.262465] CR0=0000000080050033 CR3=00000001a88fd000 CR4=00000000001426e0 [ 1146.262480] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1146.262494] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1146.285494] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.292188] *** Control State *** [ 1146.302082] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.306826] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1146.331577] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.334452] EntryControls=0000d1ff ExitControls=002fefff [ 1146.351821] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1146.360566] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1146.379111] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.381313] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1146.400642] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1146.403311] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1146.423159] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1146.424865] reason=80000021 qualification=0000000000000000 [ 1146.439306] IDTVectoring: info=00000000 errcode=00000000 [ 1146.445024] TSC Offset = 0xfffffd9844526f62 [ 1146.445978] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1146.449821] EPT pointer = 0x00000001d772801e [ 1146.462081] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1146.472056] Interruptibility = 00000000 ActivityState = 00000000 [ 1146.478938] *** Host State *** [ 1146.482367] RIP = 0xffffffff812047de RSP = 0xffff88817e6a7390 [ 1146.488933] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1146.495570] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1146.503759] *** Guest State *** [ 1146.507553] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1146.516870] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1146.523221] CR0=0000000080050033 CR3=00000001bce7d000 CR4=00000000001426f0 [ 1146.530685] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1146.540108] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1146.546954] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1146.554530] CR3 = 0x0000000000000000 [ 1146.558696] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1146.564835] *** Control State *** [ 1146.569827] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1146.576645] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1146.584023] EntryControls=0000d1ff ExitControls=002fefff [ 1146.589925] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1146.596764] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1146.605207] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1146.613718] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1146.620859] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1146.628856] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1146.628866] reason=80000021 qualification=0000000000000000 [ 1146.628881] IDTVectoring: info=00000000 errcode=00000000 [ 1146.628888] TSC Offset = 0xfffffd9843e450f7 [ 1146.628897] EPT pointer = 0x00000001ccc9601e [ 1146.698212] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 [ 1146.718308] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1146.726365] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1146.734508] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1146.742658] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1146.750808] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1146.758946] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1146.766967] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1146.775109] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1146.781679] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1146.789312] Interruptibility = 00000000 ActivityState = 00000000 [ 1146.795616] *** Host State *** [ 1146.799010] RIP = 0xffffffff812047de RSP = 0xffff88817b9a7390 [ 1146.805038] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1146.811598] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1146.819626] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1146.825562] CR0=0000000080050033 CR3=00000001a88fd000 CR4=00000000001426f0 [ 1146.832715] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1146.839557] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1146.845659] *** Control State *** [ 1146.849269] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1146.855976] EntryControls=0000d1ff ExitControls=002fefff [ 1146.861592] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1146.868674] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1146.875389] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1146.882174] reason=80000021 qualification=0000000000000000 [ 1146.888662] IDTVectoring: info=00000000 errcode=00000000 [ 1146.894150] TSC Offset = 0xfffffd9844526f62 [ 1146.898713] EPT pointer = 0x00000001d772801e 16:54:53 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfe80}, 0x1c) 16:54:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket$inet6_udplite(0xa, 0x2, 0x88) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply}}}}, &(0x7f0000000040)={0x1, 0x1}) 16:54:53 executing program 0: move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80042407, 0x0) r0 = socket$inet6(0xa, 0x6, 0x4) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$usbmon(&(0x7f0000008400)='/dev/usbmon#\x00', 0x8001, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000008500)={r1, &(0x7f0000008440), 0x0}, 0x18) keyctl$set_reqkey_keyring(0xe, 0x6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x2c) sched_getparam(0x0, 0x0) connect$inet6(r0, 0x0, 0x0) setrlimit(0x400000000000007, &(0x7f0000000000)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000008540), 0x4) bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x4, 0x4, 0x9, 0x0, r2}, 0x2c) getpid() recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0) 16:54:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:53 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x0, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf401}, 0x1c) 16:54:53 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") socket$inet6_udplite(0xa, 0x2, 0x88) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x32, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply}}}}, &(0x7f0000000040)={0x1, 0x1}) [ 1148.362229] *** Guest State *** [ 1148.380599] *** Guest State *** [ 1148.383696] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1148.394436] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 16:54:53 executing program 0: r0 = socket(0x11, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f0000000100)) [ 1148.441072] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1148.466239] IPVS: ftp: loaded support on port[0] = 21 [ 1148.475948] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1148.493225] CR3 = 0x0000000000000000 [ 1148.501667] CR3 = 0x0000000000000000 [ 1148.511962] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1148.521936] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1148.534075] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:54:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x8000000}, 0x1c) [ 1148.547279] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1148.554346] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1148.575394] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1148.576797] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1148.613002] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1148.628728] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1148.642822] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:53 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) [ 1148.671654] SS: sel=0x0000, attr=0x10000, limit=0x00003000, base=0x0000000000100000 [ 1148.713363] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1148.728261] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:53 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x500}, 0x1c) [ 1148.757856] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1148.766254] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1148.790754] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1148.841452] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1148.855374] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1148.898184] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1148.936203] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1148.947839] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1148.980042] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1149.009076] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1149.018378] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1149.032936] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1149.044133] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1149.058102] Interruptibility = 00000000 ActivityState = 00000000 [ 1149.071316] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1149.080824] *** Host State *** [ 1149.087612] RIP = 0xffffffff812047de RSP = 0xffff888184697390 [ 1149.101083] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1149.110601] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1149.124363] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1149.136124] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1149.149598] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1149.158210] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1149.170706] CR0=0000000080050033 CR3=00000001ce360000 CR4=00000000001426e0 [ 1149.183803] Interruptibility = 00000000 ActivityState = 00000000 [ 1149.192753] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1149.206853] *** Host State *** [ 1149.211574] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1149.221436] RIP = 0xffffffff812047de RSP = 0xffff88817b9a7390 [ 1149.231277] *** Control State *** [ 1149.239742] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1149.246431] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1149.261663] EntryControls=0000d1ff ExitControls=002fefff [ 1149.268581] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1149.283705] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1149.295662] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1149.305449] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1149.317129] CR0=0000000080050033 CR3=00000001d20ff000 CR4=00000000001426f0 [ 1149.328141] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1149.347340] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1149.357771] reason=80000021 qualification=0000000000000000 [ 1149.374627] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1149.382052] IDTVectoring: info=00000000 errcode=00000000 [ 1149.397775] TSC Offset = 0xfffffd96f86ec997 [ 1149.403510] *** Control State *** [ 1149.413042] EPT pointer = 0x00000001cbb6c01e [ 1149.428435] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1149.447111] EntryControls=0000d1ff ExitControls=002fefff [ 1149.452865] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1149.460065] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1149.466925] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1149.473715] reason=80000021 qualification=0000000000000000 [ 1149.480285] IDTVectoring: info=00000000 errcode=00000000 [ 1149.485942] TSC Offset = 0xfffffd96f7d663cb [ 1149.490916] EPT pointer = 0x00000001d816001e 16:54:56 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x80fe}, 0x1c) 16:54:56 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x0, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:56 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{0xffffffffffffffff, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:54:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:56 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1151.486003] *** Guest State *** 16:54:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf401000000000000}, 0x1c) [ 1151.509152] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1151.522831] *** Guest State *** [ 1151.552682] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1151.575582] IPVS: ftp: loaded support on port[0] = 21 [ 1151.593702] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1151.641414] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1151.646726] CR3 = 0x0000000000000000 [ 1151.668975] CR3 = 0x0000000000000000 [ 1151.672765] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1151.701951] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1151.714269] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:54:56 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x300}, 0x1c) [ 1151.746998] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1151.762780] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1151.775101] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1151.816477] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1151.838834] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1151.887486] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1151.904864] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1151.950371] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 [ 1151.966170] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:57 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfffffffffffff000}, 0x1c) [ 1152.004471] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1152.034888] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1152.084578] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1152.093091] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1152.139033] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1152.148602] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:54:57 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x5}, 0x1c) [ 1152.192237] GDTR: limit=0x00003000, base=0x0000000000000000 [ 1152.206183] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1152.239498] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1152.247498] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1152.256041] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1152.264104] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1152.270395] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1152.270581] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1152.290373] Interruptibility = 00000000 ActivityState = 00000000 [ 1152.296616] *** Host State *** [ 1152.299901] RIP = 0xffffffff812047de RSP = 0xffff88817b9a7390 [ 1152.305894] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1152.311317] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1152.312401] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1152.329221] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 16:54:57 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x3000000}, 0x1c) [ 1152.335148] CR0=0000000080050033 CR3=0000000179b1f000 CR4=00000000001426e0 [ 1152.342243] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1152.349471] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1152.358349] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1152.364431] *** Control State *** [ 1152.367901] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1152.378397] EFER = 0x0000000000000800 PAT = 0x0007040600070406 16:54:57 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1152.384945] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1152.384956] Interruptibility = 00000000 ActivityState = 00000000 [ 1152.406848] EntryControls=0000d1ff ExitControls=002fefff [ 1152.412651] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1152.419993] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1152.427099] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1152.434070] *** Host State *** [ 1152.437275] RIP = 0xffffffff812047de RSP = 0xffff8881be61f390 [ 1152.443589] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1152.454554] reason=80000021 qualification=0000000000000000 [ 1152.466222] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1152.474899] IDTVectoring: info=00000000 errcode=00000000 [ 1152.481102] TSC Offset = 0xfffffd954c547fd4 [ 1152.485593] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1152.491990] EPT pointer = 0x000000018193b01e [ 1152.496560] CR0=0000000080050033 CR3=00000001c3bdf000 CR4=00000000001426f0 [ 1152.530635] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1152.549273] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1152.557789] *** Control State *** [ 1152.562978] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1152.570074] EntryControls=0000d1ff ExitControls=002fefff [ 1152.575653] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1152.618745] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1152.625424] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1152.688125] reason=80000021 qualification=0000000000000000 [ 1152.694478] IDTVectoring: info=00000000 errcode=00000000 [ 1152.748279] TSC Offset = 0xfffffd954bfc3a9b [ 1152.752892] EPT pointer = 0x00000001d0f5701e 16:54:59 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:54:59 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:54:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:54:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x2000000}, 0x1c) 16:54:59 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x0, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:54:59 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:54:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x4000}, 0x1c) [ 1154.605759] *** Guest State *** [ 1154.621033] *** Guest State *** [ 1154.627964] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1154.695200] IPVS: ftp: loaded support on port[0] = 21 [ 1154.708405] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1154.718911] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1154.728625] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1154.791093] CR3 = 0x0000000000000000 [ 1154.794876] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1154.810946] CR3 = 0x0000000000000000 [ 1154.814766] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:54:59 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x4}, 0x1c) [ 1154.868196] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1154.874245] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1154.897408] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1154.958146] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1154.978225] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.006345] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1155.029375] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.046321] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:55:00 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1155.076029] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.109762] SS: sel=0x0000, attr=0x03001, limit=0x00003000, base=0x0000000000100000 [ 1155.117753] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 16:55:00 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfffffffe}, 0x1c) [ 1155.117773] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1155.117793] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1155.117807] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1155.117827] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1155.117840] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1155.117858] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1155.174811] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1155.184973] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.201510] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1155.222029] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.234284] Interruptibility = 00000000 ActivityState = 00000000 [ 1155.248766] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.259784] *** Host State *** 16:55:00 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x700000000000000}, 0x1c) [ 1155.279141] RIP = 0xffffffff812047de RSP = 0xffff88817c677390 [ 1155.302781] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1155.317894] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1155.373992] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1155.391772] FSBase=00007f21f520b700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1155.435218] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1155.449577] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1155.471751] CR0=0000000080050033 CR3=00000001c2545000 CR4=00000000001426e0 [ 1155.481662] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:00 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1155.515981] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1155.536399] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1155.566595] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1155.579214] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1155.605732] *** Control State *** [ 1155.626131] Interruptibility = 00000000 ActivityState = 00000000 [ 1155.635386] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1155.664618] *** Host State *** [ 1155.675138] EntryControls=0000d1ff ExitControls=002fefff [ 1155.687976] RIP = 0xffffffff812047de RSP = 0xffff88817b04f390 [ 1155.708606] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1155.720262] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1155.732740] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1155.742171] FSBase=00007fb75975d700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1155.761984] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1155.775168] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1155.788309] reason=80000021 qualification=0000000000000000 [ 1155.799708] CR0=0000000080050033 CR3=00000001ce1bd000 CR4=00000000001426e0 [ 1155.815877] IDTVectoring: info=00000000 errcode=00000000 [ 1155.827473] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1155.838127] TSC Offset = 0xfffffd93a0f48747 [ 1155.847493] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1155.854171] EPT pointer = 0x00000001d754f01e [ 1155.867134] *** Control State *** [ 1155.876100] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1155.897897] EntryControls=0000d1ff ExitControls=002fefff [ 1155.910536] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1155.940850] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1155.984220] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1155.990928] reason=80000021 qualification=0000000000000000 [ 1155.997253] IDTVectoring: info=00000000 errcode=00000000 [ 1156.002774] TSC Offset = 0xfffffd93a1735c0d [ 1156.007098] EPT pointer = 0x00000001c64a201e 16:55:02 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000480)=0x50) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:55:02 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x0, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x500000000000000}, 0x1c) 16:55:02 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:02 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x400000000000058, 0x0) 16:55:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x10000000}, 0x1c) [ 1157.693109] *** Guest State *** [ 1157.698219] *** Guest State *** [ 1157.718231] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1157.727346] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1157.751808] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1157.762901] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1157.764081] IPVS: ftp: loaded support on port[0] = 21 [ 1157.812334] CR3 = 0x0000000000000000 [ 1157.848570] CR3 = 0x0000000000000000 [ 1157.859585] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1157.869908] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1157.888393] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1157.904067] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1157.918354] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1157.930965] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1157.946113] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:02 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x30000000}, 0x1c) [ 1157.959319] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1157.986467] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1158.005562] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1158.033616] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1158.054724] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 16:55:03 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1158.084335] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1158.095549] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1158.106847] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1158.115593] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1158.124235] GDTR: limit=0x00003000, base=0x0000000000003000 16:55:03 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe}, 0x1c) [ 1158.138567] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1158.145395] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1158.165592] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1158.174715] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1158.185858] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1158.198595] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1158.206621] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1158.211674] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:03 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1158.252403] IDTR: limit=0x00000001, base=0x0000000000000000 [ 1158.304248] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1158.338476] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:03 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1100000000000000}, 0x1c) [ 1158.357967] Interruptibility = 00000000 ActivityState = 00000000 [ 1158.366199] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1158.386367] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1158.400973] *** Host State *** [ 1158.415766] RIP = 0xffffffff812047de RSP = 0xffff88817e6a7390 [ 1158.442559] Interruptibility = 00000000 ActivityState = 00000000 [ 1158.458828] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1158.473756] *** Host State *** [ 1158.485368] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1158.493693] RIP = 0xffffffff812047de RSP = 0xffff88817aa4f390 [ 1158.516319] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1158.529505] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1158.549990] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1158.560994] CR0=0000000080050033 CR3=00000001caef6000 CR4=00000000001426e0 [ 1158.588511] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1158.599900] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1158.619468] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1158.629465] CR0=0000000080050033 CR3=00000001d249a000 CR4=00000000001426e0 [ 1158.647323] *** Control State *** [ 1158.656000] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1158.665501] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1158.687938] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1158.694843] EntryControls=0000d1ff ExitControls=002fefff [ 1158.715781] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1158.725558] *** Control State *** [ 1158.736401] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1158.745751] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1158.767622] EntryControls=0000d1ff ExitControls=002fefff [ 1158.776094] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1158.791379] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1158.802250] reason=80000021 qualification=0000000000000000 [ 1158.819767] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1158.826756] IDTVectoring: info=00000000 errcode=00000000 [ 1158.841731] TSC Offset = 0xfffffd91f99e97d0 [ 1158.849665] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1158.861203] EPT pointer = 0x00000001cbc9601e [ 1158.888806] reason=80000021 qualification=0000000000000000 [ 1158.918376] IDTVectoring: info=00000000 errcode=00000000 [ 1158.960635] TSC Offset = 0xfffffd91f92ec974 [ 1158.992792] EPT pointer = 0x00000001c16d201e 16:55:05 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:55:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x40000000}, 0x1c) 16:55:05 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x0, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:05 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:05 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:05 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x8dffffff}, 0x1c) [ 1160.811034] *** Guest State *** [ 1160.813500] *** Guest State *** [ 1160.814402] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1160.817798] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1160.919510] IPVS: ftp: loaded support on port[0] = 21 [ 1160.971638] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1160.981382] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1161.028233] CR3 = 0x0000000000000000 [ 1161.032069] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1161.059027] CR3 = 0x0000000000000000 [ 1161.068958] RFLAGS=0x00000002 DR7 = 0x0000000000000400 16:55:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf000}, 0x1c) [ 1161.088878] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1161.125674] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1161.145965] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1161.181938] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.205408] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1161.243566] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.254226] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1161.317198] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.326254] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 16:55:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x1000000}, 0x1c) [ 1161.366153] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.375238] SS: sel=0x0000, attr=0x05001, limit=0x00003000, base=0x0000000000100000 [ 1161.398290] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:06 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1161.421529] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.441909] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1161.452315] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1161.458901] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 16:55:06 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) [ 1161.503930] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1161.536970] GDTR: limit=0x00003000, base=0x0000000000003000 16:55:06 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe803000000000000}, 0x1c) [ 1161.552897] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.577212] IDTR: limit=0x00000000, base=0x0000000000000000 [ 1161.582584] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1161.609181] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1161.617206] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1161.633580] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1161.708231] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1161.714930] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1161.726277] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1161.735157] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1161.776353] Interruptibility = 00000000 ActivityState = 00000000 [ 1161.783625] Interruptibility = 00000000 ActivityState = 00000000 [ 1161.820708] *** Host State *** [ 1161.824215] *** Host State *** [ 1161.856116] RIP = 0xffffffff812047de RSP = 0xffff88817aa4f390 [ 1161.863703] RIP = 0xffffffff812047de RSP = 0xffff888182b87390 [ 1161.907973] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1161.915509] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1161.955094] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1161.963776] FSBase=00007fb75975d700 GSBase=ffff8881dae00000 TRBase=fffffe0000033000 [ 1162.010467] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1162.016807] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1162.050261] CR0=0000000080050033 CR3=000000017e60f000 CR4=00000000001426e0 [ 1162.057686] CR0=0000000080050033 CR3=0000000171d92000 CR4=00000000001426f0 [ 1162.100441] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1162.107470] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1162.138326] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1162.144747] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1162.169618] *** Control State *** [ 1162.173381] *** Control State *** [ 1162.186606] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1162.194044] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1162.217687] EntryControls=0000d1ff ExitControls=002fefff [ 1162.223735] EntryControls=0000d1ff ExitControls=002fefff [ 1162.243646] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1162.251131] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1162.276059] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1162.283320] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1162.307601] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1162.314228] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1162.314238] reason=80000021 qualification=0000000000000000 [ 1162.314246] IDTVectoring: info=00000000 errcode=00000000 [ 1162.314253] TSC Offset = 0xfffffd904eeec3cc [ 1162.314263] EPT pointer = 0x00000001bf27001e [ 1162.367161] reason=80000021 qualification=0000000000000000 [ 1162.414702] IDTVectoring: info=00000000 errcode=00000000 [ 1162.435301] TSC Offset = 0xfffffd904d706b89 [ 1162.439718] EPT pointer = 0x00000001c3b0801e 16:55:08 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:55:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf7ffff7f00000000}, 0x1c) 16:55:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:08 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:08 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r6, &(0x7f0000007e00), 0x400000000000058, 0x0) 16:55:08 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x0, 0x25937203}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:08 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x8dffffff00000000}, 0x1c) [ 1163.807715] *** Guest State *** [ 1163.812716] *** Guest State *** [ 1163.831270] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1163.844226] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 1163.920098] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1163.936404] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1163.961450] IPVS: ftp: loaded support on port[0] = 21 [ 1163.995538] CR3 = 0x0000000000000000 [ 1163.998233] CR3 = 0x0000000000000000 [ 1164.003103] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1164.028964] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 16:55:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x20000000}, 0x1c) [ 1164.048414] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1164.078224] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1164.093586] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1164.101666] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.178698] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1164.206605] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.234298] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1164.269442] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.306477] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1164.335922] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x100000}, 0x1c) [ 1164.365049] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 [ 1164.394575] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.452343] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1164.484673] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.499754] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1164.507755] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1164.515993] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1164.524131] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1164.534422] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1164.542483] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 16:55:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xeffdffff}, 0x1c) [ 1164.551464] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1164.568232] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1164.572925] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1164.591261] Interruptibility = 00000000 ActivityState = 00000000 [ 1164.597769] *** Host State *** [ 1164.601154] RIP = 0xffffffff812047de RSP = 0xffff88817e32f390 [ 1164.607662] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.619469] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1164.626035] FSBase=00007f21f522c700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1164.641115] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 16:55:09 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040), 0x4804) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r2, 0x40}, {r3, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r4}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) 16:55:09 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x400000000000000}, 0x1c) [ 1164.645084] IDTR: limit=0x00000000, base=0x0000000000000000 [ 1164.656449] CR0=0000000080050033 CR3=00000001bc4e9000 CR4=00000000001426e0 [ 1164.663695] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1164.685405] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1164.703544] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1164.717056] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1164.735606] *** Control State *** [ 1164.745155] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1164.754296] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1164.770553] Interruptibility = 00000000 ActivityState = 00000000 [ 1164.784068] *** Host State *** [ 1164.786144] EntryControls=0000d1ff ExitControls=002fefff [ 1164.792276] RIP = 0xffffffff812047de RSP = 0xffff8881842c7390 [ 1164.812969] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1164.819175] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1164.841999] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1164.859138] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1164.867851] FSBase=00007fb75977e700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1164.873851] reason=80000021 qualification=0000000000000000 [ 1164.888242] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1164.898517] IDTVectoring: info=00000000 errcode=00000000 [ 1164.905266] CR0=0000000080050033 CR3=00000001c2193000 CR4=00000000001426f0 [ 1164.915044] TSC Offset = 0xfffffd8eb32d284c [ 1164.919816] EPT pointer = 0x00000001a952801e [ 1164.924423] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1164.954084] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1164.983555] *** Control State *** [ 1164.991024] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1165.013665] EntryControls=0000d1ff ExitControls=002fefff [ 1165.030907] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1165.038020] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1165.045267] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1165.052360] reason=80000021 qualification=0000000000000000 [ 1165.059539] IDTVectoring: info=00000000 errcode=00000000 [ 1165.065107] TSC Offset = 0xfffffd8eb15eb5b7 [ 1165.069937] EPT pointer = 0x00000001bb94701e 16:55:11 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, 0x0, &(0x7f0000000480)) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:55:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xa00000000000000}, 0x1c) 16:55:11 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r5, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:11 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2}, {0xd000, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:11 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) socket$key(0xf, 0x3, 0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:11 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x900000000000000}, 0x1c) [ 1166.956856] *** Guest State *** [ 1166.966286] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 1166.969907] *** Guest State *** [ 1167.017601] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1167.031606] IPVS: ftp: loaded support on port[0] = 21 [ 1167.067636] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1167.074164] CR3 = 0x0000000000000000 [ 1167.106146] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1167.143675] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1167.170013] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1167.205703] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1167.215164] CR3 = 0x0000000000000000 16:55:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x2}, 0x1c) [ 1167.251595] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1167.257660] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1167.291704] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.329068] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1167.335841] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 [ 1167.367067] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.375161] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.399261] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1167.407283] SS: sel=0x0000, attr=0x06001, limit=0x00003000, base=0x0000000000100000 [ 1167.415504] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0x400300}, 0x1c) [ 1167.429938] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1167.439558] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.448397] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1167.456435] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1167.466310] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.474791] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1167.485382] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1167.493770] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1167.502144] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.510556] IDTR: limit=0x00000001, base=0x0000000000105000 16:55:12 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:12 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xe803}, 0x1c) [ 1167.524431] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x000000000000d000 [ 1167.535867] IDTR: limit=0x00000000, base=0x0000000000000000 [ 1167.545053] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1167.561525] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1167.573031] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1167.599149] Interruptibility = 00000000 ActivityState = 00000000 [ 1167.607748] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1167.621283] *** Host State *** [ 1167.629189] RIP = 0xffffffff812047de RSP = 0xffff88817f9c7390 [ 1167.636437] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 16:55:12 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) [ 1167.655626] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1167.675024] FSBase=00007f21f522c700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1167.684171] Interruptibility = 00000000 ActivityState = 00000000 [ 1167.712478] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1167.722004] *** Host State *** [ 1167.739797] RIP = 0xffffffff812047de RSP = 0xffff88817fd4f390 [ 1167.745951] CR0=0000000080050033 CR3=00000001bfc72000 CR4=00000000001426f0 [ 1167.776333] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1167.783459] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1167.823481] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1167.835551] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000003000 [ 1167.843396] *** Control State *** [ 1167.843407] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1167.843414] EntryControls=0000d1ff ExitControls=002fefff [ 1167.843428] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1167.843437] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1167.843445] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1167.843453] reason=80000021 qualification=0000000000000000 [ 1167.843465] IDTVectoring: info=00000000 errcode=00000000 [ 1167.893147] TSC Offset = 0xfffffd8d03b7719e [ 1167.893981] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1167.897898] EPT pointer = 0x00000001d899401e [ 1167.928232] CR0=0000000080050033 CR3=00000001bea06000 CR4=00000000001426e0 [ 1167.935266] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 1167.959757] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1167.979698] *** Control State *** [ 1168.009555] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1168.040391] EntryControls=0000d1ff ExitControls=002fefff [ 1168.064038] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1168.080234] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1168.094875] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1168.109980] reason=80000021 qualification=0000000000000000 [ 1168.124569] IDTVectoring: info=00000000 errcode=00000000 [ 1168.135817] TSC Offset = 0xfffffd8d03c4e05b [ 1168.146160] EPT pointer = 0x000000017a64501e 16:55:14 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) 16:55:14 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xfe80000000000000}, 0x1c) 16:55:14 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0x0, 0x0, 0x0, 0x296f, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:14 executing program 5: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r7, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000000100)) 16:55:14 executing program 0: r0 = socket(0x11, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4804) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000280)={0xffffffffffffffff}) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/member\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000540)) r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000600)='/dev/full\x00', 0x1, 0x0) ppoll(&(0x7f0000000640)=[{r3, 0x40}, {r4, 0x2168}, {0xffffffffffffffff, 0x40}, {0xffffffffffffffff, 0x8020}, {0xffffffffffffffff, 0x1000}, {}, {r5}], 0x7, &(0x7f00000006c0), &(0x7f0000000700)={0x3f}, 0x8) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x2, 0x7, 0x0, 0x9, 0x2}, 0x10}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x81) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0x4762d17e}}, 0xe8) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r8, &(0x7f0000007e00), 0x400000000000058, 0x0) io_destroy(0x0) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="e3"], 0x1) ioctl$TIOCMGET(r2, 0x5415, &(0x7f0000000080)) [ 1170.088205] *** Guest State *** [ 1170.090223] *** Guest State *** [ 1170.091554] CR0: actual=0x0000000080010020, shadow=0x0000000080010000, gh_mask=fffffffffffffff7 [ 1170.091571] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1170.091579] CR3 = 0x0000000000000000 16:55:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local, 0xf0ffffff7f0000}, 0x1c) [ 1170.091589] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1170.091607] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1170.123545] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 1170.238571] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1170.252625] IPVS: ftp: loaded support on port[0] = 21 [ 1170.283300] CS: sel=0x0000, attr=0x10000, limit=0x00004000, base=0x0000000000000000 16:55:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x2000001c) [ 1170.371814] DS: sel=0x0000, attr=0x10000, limit=0x00100000, base=0x0000000000000000 [ 1170.402533] CR4: actual=0x000000000000224d, shadow=0x000000000000020d, gh_mask=ffffffffffffe871 [ 1170.464294] SS: sel=0x0000, attr=0x07001, limit=0x00003000, base=0x0000000000100000 [ 1170.486551] CR3 = 0x0000000000000000 [ 1170.521059] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 1170.547308] ES: sel=0x0019, attr=0x10000, limit=0x00000004, base=0x0000000000006004 [ 1170.581103] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1170.613434] FS: sel=0x000b, attr=0x020e9, limit=0x00002000, base=0x0000000000012000 [ 1170.631801] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 16:55:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x17) [ 1170.674321] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.683748] GS: sel=0x000d, attr=0x10000, limit=0x00015000, base=0x0000000000000000 [ 1170.749245] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.818781] GDTR: limit=0x00003000, base=0x0000000000003000 [ 1170.848576] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:15 executing program 4: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0xfffffffffffffffc) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() setpriority(0x2, r0, 0x8) clone(0x2040000003, 0x0, 0x0, 0x0, &(0x7f00000004c0)="b047895deca320a7d78edcac62ec719c67f836ac6024f61008ea772b40bda4715459a9ad561c901257506e45f86d4780fa4955a878ebfaac84204eb421a2ec51e7a2ca1cc388d3cd33c56b3953cb3b45dc40528796b10e7dae7f3b4da33c91792a59dedd4e72638be3c65e033dadea01e17d00ea458befdd02aed19dbfce83543042267286dceeba0ba43c7134d078ef9d69cea95b34f620d591a457589d1e6d2e29e057c16159acd6a8ee7c1f7b092090547276cf972eeb1fcff6227e3be4153fe3675815842a74f6741122f202550d5911441e20be734204610c472688fdc059067357b32579bd0b42cc233f7b7ef795761732") ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x8000000000000014) r1 = socket$inet6(0xa, 0x0, 0x3) sync() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000000c0)=0x0) wait4(r2, &(0x7f0000000180), 0x80000000, &(0x7f0000000280)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) socket$inet6(0xa, 0x80000, 0x4) sched_getparam(0x0, &(0x7f0000000040)) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000200)={0x2, 0x1000, 0x101, 0x8, 0xffff, 0xffffffffffffff00, 0x7fffffff, 0x100, 0x6, 0xcf0f, 0x5, 0xfffffffffffffffb}) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000003c0)={'filter\x00'}, 0x0) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) [ 1170.879958] LDTR: sel=0x000f, attr=0x0a082, limit=0x00003000, base=0x0000000000103000 [ 1170.887991] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.888012] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.904101] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.912246] GDTR: limit=0x00000000, base=0x0000000000000000 [ 1170.920406] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:55:15 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1b) [ 1170.929719] IDTR: limit=0x00000000, base=0x0000000000000000 [ 1170.937810] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1170.945998] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1170.953475] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1170.961114] Interruptibility = 00000000 ActivityState = 00000000 [ 1170.967646] *** Host State *** [ 1170.971071] RIP = 0xffffffff812047de RSP = 0xffff888179f97390 16:55:16 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4601fff903000000000100000003003e00018000004f01000038000000ea00000006000000000020000200ae020600040000000000050000000700000001000000040000000300000053a000000104000006000000f412ee7e3c2635982051bfee9212e09f870199329a5f8d520974453607852d99c7a3f8a81f0d5b4317c3dea017ffd10000000000"], 0x8c) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000680)={0xc, 0x8, 0xfa00, {&(0x7f0000000500)}}, 0x10) prctl$PR_GET_KEEPCAPS(0x7) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00') ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f00000002c0)={0x92, 0x9, 0x0, 0x3, 0x3, 0x2e}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000380)={0xffffffffffffffff}, 0x106}}, 0x3f2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x40000, 0x4) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000000c0)) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}, r2}}, 0x48) [ 1170.977221] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1170.988244] FSBase=00007fb75977e700 GSBase=ffff8881daf00000 TRBase=fffffe0000033000 [ 1170.996093] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 1171.002039] IDTR: limit=0x00000001, base=0x0000000000105000 [ 1171.043863] CR0=0000000080050033 CR3=00000001bce24000 CR4=00000000001426e0 [ 1171.056194] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 1171.070147] IPVS: ftp: loaded support on port[0] = 21 [ 1171.077694] EFER = 0x0000000000000800 PAT = 0x0007040600070406 [ 1171.084180] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 16:55:16 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000680)={0xc, 0x8, 0xfa00, {&(0x7f0000000500)}}, 0x10) prctl$PR_GET_KEEPCAPS(0x7) r1 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000180)={0x8, 0xf, 0x4, 0x8939604624df91a3, {r2, r3/1000+30000}, {0x0, 0xe, 0x8, 0x1, 0x1, 0x1, "fabb4020"}, 0xc0000, 0x1, @offset=0x401, 0x4}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000380)={0xffffffffffffffff}, 0x106}}, 0x3f2) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}, r4}}, 0x48) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r4}}, 0x10) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000200)=0x20) [ 1171.084194] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1171.084199] *** Control State *** [ 1171.084209] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1171.084217] EntryControls=0000d1ff ExitControls=002fefff [ 1171.084231] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1171.084240] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1171.084249] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1171.084258] reason=80000021 qualification=0000000000000000 [ 1171.084266] IDTVectoring: info=00000000 errcode=00000000 [ 1171.084273] TSC Offset = 0xfffffd8b558658c8 [ 1171.084282] EPT pointer = 0x00000001a868001e 16:55:16 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x4400, 0x0) pipe2(&(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000c80)=r1) r2 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000034c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x4d6, 0x2b}, 0x2, @in, 0x0, 0x1, 0x0, 0x1}}, 0xe8) sendto$inet6(r2, 0x0, 0x17c, 0x20000000, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @local}, 0x1c) recvmmsg(r2, &(0x7f0000005840)=[{{&(0x7f0000005d40)=@nfc, 0x80, &(0x7f00000005c0)=[{&(0x7f00000000c0)=""/150, 0xffffffffffffff57}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/195, 0xc3}, {&(0x7f00000003c0)=""/16, 0x10}, {&(0x7f0000000400)=""/107, 0x6b}, {&(0x7f0000000480)=""/169, 0xa9}, {&(0x7f0000000540)=""/81, 0x51}], 0x7, &(0x7f0000000640)=""/82, 0x52}, 0x100000001}, {{&(0x7f00000006c0)=@alg, 0x80, &(0x7f0000000900)=[{&(0x7f0000000740)=""/64, 0x40}, {&(0x7f0000000780)=""/153, 0x99}, {&(0x7f0000000840)=""/24, 0x18}, {&(0x7f0000000880)=""/91, 0x5b}], 0x4, &(0x7f0000000940)=""/210, 0xd2, 0x5}, 0x7}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000a40)=""/164, 0xa4}, {&(0x7f0000000b00)=""/133, 0x85}], 0x2, &(0x7f0000000c00)=""/46, 0x1b, 0xffffffffffffffff}, 0x8000}, {{&(0x7f0000005a00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000cc0)=""/63, 0x3f}, {&(0x7f0000000d00)=""/133, 0x85}, {&(0x7f0000000dc0)=""/83, 0x53}, {&(0x7f0000000e40)=""/72, 0x48}, {&(0x7f0000000ec0)=""/69, 0x45}], 0x5, &(0x7f0000000fc0)=""/218, 0xda, 0x1}, 0x9}, {{&(0x7f00000010c0)=@in={0x2, 0x0, @remote}, 0x80, &(0x7f0000001200)=[{&(0x7f0000001140)=""/81, 0x51}, {&(0x7f00000011c0)=""/16, 0x10}], 0x10000041, &(0x7f0000001240)=""/189, 0xbd, 0x1}, 0x5}, {{0x0, 0x0, &(0x7f0000003400)=[{&(0x7f0000001300)=""/241, 0xf1}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/4096, 0x1000}], 0x3, 0x0, 0x0, 0x7f}, 0x4}, {{&(0x7f0000003440)=@llc, 0x80, &(0x7f0000005700)=[{&(0x7f0000005b00)=""/215, 0xd7}, {&(0x7f00000035c0)=""/4096, 0x1000}, {&(0x7f00000045c0)=""/4096, 0x1000}, {&(0x7f00000055c0)=""/138, 0x8a}, {&(0x7f0000005a80)=""/73, 0x49}], 0x5, &(0x7f0000005c80)=""/133, 0x85, 0x200}}], 0x7, 0x40, 0x0) getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 1171.188282] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1171.195792] Interruptibility = 00000000 ActivityState = 00000000 [ 1171.206561] *** Host State *** [ 1171.212326] RIP = 0xffffffff812047de RSP = 0xffff888183f9f390 [ 1171.229670] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1171.264667] FSBase=00007f21f520b700 GSBase=ffff8881dae00000 TRBase=fffffe0000003000 [ 1171.297466] list_add corruption. prev->next should be next (ffffffff89db43a0), but was 0000000000000000. (prev=ffff8881d7105820). [ 1171.319676] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1171.346419] CR0=0000000080050033 CR3=00000001d2b65000 CR4=00000000001426f0 [ 1171.371639] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 1171.389587] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1171.395697] *** Control State *** [ 1171.407264] ------------[ cut here ]------------ [ 1171.412056] kernel BUG at lib/list_debug.c:28! [ 1171.420492] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000c2 [ 1171.436551] EntryControls=0000d1ff ExitControls=002fefff [ 1171.449183] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1171.458520] VMEntry: intr_info=80000020 errcode=00000000 ilen=00000000 [ 1171.465323] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 1171.470704] CPU: 1 PID: 9071 Comm: syz-executor5 Not tainted 4.20.0-rc4+ #139 [ 1171.477974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1171.487352] RIP: 0010:__list_add_valid.cold.2+0x23/0x2a [ 1171.492726] Code: e8 60 22 d2 fd 0f 0b 48 89 d9 48 c7 c7 60 d6 60 88 e8 4f 22 d2 fd 0f 0b 48 89 f1 48 c7 c7 e0 d6 60 88 48 89 de e8 3b 22 d2 fd <0f> 0b 90 90 90 90 90 55 48 89 e5 41 57 41 56 49 be 00 00 00 00 00 [ 1171.511642] RSP: 0018:ffff8881842c7948 EFLAGS: 00010286 [ 1171.516999] RAX: 0000000000000075 RBX: ffffffff89db43a0 RCX: ffffc9000feba000 [ 1171.524266] RDX: 0000000000000000 RSI: ffffffff8165fbe5 RDI: 0000000000000005 [ 1171.531549] RBP: ffff8881842c7960 R08: ffff88818036e440 R09: ffffed103b5c5020 [ 1171.538819] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff88817ecc94a0 [ 1171.546099] R13: ffff88817ecc94a0 R14: ffff8881d7105820 R15: ffff88817ecc9670 [ 1171.553369] FS: 00007fedd3d6e700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 1171.562072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1171.567945] CR2: 00000000015920d8 CR3: 00000001cdea5000 CR4: 00000000001426e0 [ 1171.575207] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1171.582483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1171.589775] Call Trace: [ 1171.592381] ? mutex_lock_nested+0x16/0x20 [ 1171.596688] rdma_listen+0x6dc/0x990 [ 1171.600413] ? rdma_resolve_addr+0x2870/0x2870 [ 1171.605024] ucma_listen+0x1a4/0x260 [ 1171.608736] ? ucma_notify+0x210/0x210 [ 1171.612650] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1171.618196] ? _copy_from_user+0xdf/0x150 [ 1171.622383] ? ucma_notify+0x210/0x210 [ 1171.626284] ucma_write+0x365/0x460 [ 1171.629918] ? ucma_open+0x3f0/0x3f0 [ 1171.633643] __vfs_write+0x119/0x9f0 [ 1171.637363] ? __fget_light+0x2e9/0x430 [ 1171.641350] ? ucma_open+0x3f0/0x3f0 [ 1171.645070] ? kernel_read+0x120/0x120 [ 1171.648985] ? __might_sleep+0x95/0x190 [ 1171.652980] ? perf_trace_sched_process_exec+0x860/0x860 [ 1171.658463] ? posix_ktime_get_ts+0x15/0x20 [ 1171.662789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1171.668323] ? __inode_security_revalidate+0xd9/0x120 [ 1171.673529] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1171.678546] ? selinux_file_permission+0x90/0x540 [ 1171.683394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1171.688945] ? security_file_permission+0x1c2/0x220 [ 1171.693962] ? rw_verify_area+0x118/0x360 [ 1171.698108] vfs_write+0x1fc/0x560 [ 1171.701650] ksys_write+0x101/0x260 [ 1171.705280] ? __ia32_sys_read+0xb0/0xb0 [ 1171.709357] ? trace_hardirqs_off_caller+0x310/0x310 [ 1171.714500] __x64_sys_write+0x73/0xb0 [ 1171.718408] do_syscall_64+0x1b9/0x820 [ 1171.722295] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1171.727673] ? syscall_return_slowpath+0x5e0/0x5e0 [ 1171.732599] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1171.737487] ? trace_hardirqs_on_caller+0x310/0x310 [ 1171.742505] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 1171.747552] ? prepare_exit_to_usermode+0x291/0x3b0 [ 1171.752568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1171.757415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1171.762601] RIP: 0033:0x457569 [ 1171.765803] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1171.784718] RSP: 002b:00007fedd3d6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1171.792430] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 1171.799698] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000004 [ 1171.806978] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1171.814260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fedd3d6e6d4 [ 1171.821542] R13: 00000000004c5b7d R14: 00000000004d9e68 R15: 00000000ffffffff [ 1171.828814] Modules linked in: [ 1171.837488] kobject: 'erspan0' (00000000849c20b5): fill_kobj_path: path = '/devices/virtual/net/erspan0' [ 1171.847557] kobject: 'queues' (00000000a26182f6): kobject_add_internal: parent: 'erspan0', set: '' [ 1171.854145] kobject: 'loop3' (00000000f073d34a): kobject_uevent_env [ 1171.857649] kobject: 'queues' (00000000a26182f6): kobject_uevent_env [ 1171.870730] kobject: 'queues' (00000000a26182f6): kobject_uevent_env: filter function caused the event to drop! [ 1171.878089] kobject: 'loop3' (00000000f073d34a): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 1171.881392] kobject: 'rx-0' (00000000a7a562f9): kobject_add_internal: parent: 'queues', set: 'queues' [ 1171.900419] kobject: 'rx-0' (00000000a7a562f9): kobject_uevent_env [ 1171.906900] kobject: 'rx-0' (00000000a7a562f9): fill_kobj_path: path = '/devices/virtual/net/erspan0/queues/rx-0' [ 1171.917829] kobject: 'tx-0' (000000001fe36a60): kobject_add_internal: parent: 'queues', set: 'queues' [ 1171.929245] kobject: 'tx-0' (000000001fe36a60): kobject_uevent_env [ 1171.935705] kobject: 'tx-0' (000000001fe36a60): fill_kobj_path: path = '/devices/virtual/net/erspan0/queues/tx-0' [ 1171.946262] ---[ end trace 4788ed600117246e ]--- [ 1171.951437] RIP: 0010:__list_add_valid.cold.2+0x23/0x2a [ 1171.956883] Code: e8 60 22 d2 fd 0f 0b 48 89 d9 48 c7 c7 60 d6 60 88 e8 4f 22 d2 fd 0f 0b 48 89 f1 48 c7 c7 e0 d6 60 88 48 89 de e8 3b 22 d2 fd <0f> 0b 90 90 90 90 90 55 48 89 e5 41 57 41 56 49 be 00 00 00 00 00 [ 1171.977551] kobject: 'ip_vti0' (000000008b0739ec): kobject_add_internal: parent: 'net', set: 'devices' [ 1171.988179] kobject: 'ip_vti0' (000000008b0739ec): kobject_uevent_env [ 1171.994859] kobject: 'ip_vti0' (000000008b0739ec): fill_kobj_path: path = '/devices/virtual/net/ip_vti0' [ 1172.004843] RSP: 0018:ffff8881842c7948 EFLAGS: 00010286 [ 1172.010641] kobject: 'queues' (00000000f27f2afe): kobject_add_internal: parent: 'ip_vti0', set: '' [ 1172.020652] RAX: 0000000000000075 RBX: ffffffff89db43a0 RCX: ffffc9000feba000 [ 1172.028006] RDX: 0000000000000000 RSI: ffffffff8165fbe5 RDI: 0000000000000005 [ 1172.035635] kobject: 'queues' (00000000f27f2afe): kobject_uevent_env [ 1172.042181] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1172.042189] reason=80000021 qualification=0000000000000000 [ 1172.042196] IDTVectoring: info=00000000 errcode=00000000 [ 1172.042217] TSC Offset = 0xfffffd8b56522c29 [ 1172.042225] EPT pointer = 0x00000001a979b01e [ 1172.042673] kobject: 'kvm' (00000000afdff5f4): kobject_uevent_env [ 1172.058159] kobject: 'queues' (00000000f27f2afe): kobject_uevent_env: filter function caused the event to drop! [ 1172.086057] RBP: ffff8881842c7960 R08: ffff88818036e440 R09: ffffed103b5c5020 [ 1172.095478] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff88817ecc94a0 [ 1172.098082] kobject: 'kvm' (00000000afdff5f4): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 1172.103144] R13: ffff88817ecc94a0 R14: ffff8881d7105820 R15: ffff88817ecc9670 16:55:17 executing program 2: syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0x4000, 0x0, 0x80000001, 0x0, 0xdf92, 0x0, 0x0, 0x0, 0x8, 0x80000000, 0x9}, {0x0, 0x100000, 0x0, 0x10001, 0x81, 0x7016, 0x7, 0x7, 0x6, 0x0, 0x0, 0x7f}, {0x6004, 0x4, 0x19, 0x1000, 0x3, 0x0, 0x400, 0x0, 0x3, 0x0, 0x9, 0x1}, {0x12000, 0x2000, 0xb, 0x8, 0x15d, 0x17, 0x0, 0x4, 0x7, 0x100000000}, {0x0, 0x15000, 0xd, 0x0, 0x6e, 0x100, 0x3, 0x9, 0x4, 0x0, 0x0, 0x3}, {0x100000, 0x3000, 0x0, 0x0, 0x18, 0x80000000, 0x3ff, 0x2, 0x3, 0x2, 0x25937203}, {0xd000, 0x0, 0x0, 0x0, 0xcf56, 0x100000000, 0x3ff, 0x10001, 0xbbe6, 0x200, 0x1, 0x6}, {0x103000, 0x3000, 0xf, 0x2, 0xff, 0x8, 0x6, 0x6, 0xf5b, 0x5, 0x6}, {0x3000, 0x3000}, {0x105000, 0x1}, 0x80010000, 0x0, 0x0, 0x20d, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 16:55:17 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000)=0x5) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000680)={0xc, 0x8, 0xfa00, {&(0x7f0000000500)}}, 0x10) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f0000000440)={0x5, 0x10, 0xfa00, {&(0x7f00000006c0), 0xffffffffffffffff, 0x3}}, 0x18) 16:55:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x80010000, 0x0, 0x0, 0x0, 0xa, 0x800, 0x10000, [0x100000000, 0x80, 0x1, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:55:17 executing program 3: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x2b}, 0x2, @in, 0x0, 0xfffffffffffffffe, 0x0, 0x1}}, 0xe8) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) [ 1172.119298] kobject: 'rx-0' (000000006fe1a303): kobject_add_internal: parent: 'queues', set: 'queues' [ 1172.129305] FS: 00007fedd3d6e700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000 [ 1172.137570] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1172.143906] kobject: 'rx-0' (000000006fe1a303): kobject_uevent_env [ 1172.158180] kobject: 'rx-0' (000000006fe1a303): fill_kobj_path: path = '/devices/virtual/net/ip_vti0/queues/rx-0' [ 1172.181774] kobject: 'tx-0' (00000000ce2f0d4b): kobject_add_internal: parent: 'queues', set: 'queues' [ 1172.187352] kobject: 'loop2' (00000000135d0425): kobject_uevent_env [ 1172.200006] kobject: 'loop2' (00000000135d0425): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 1172.201797] kobject: 'tx-0' (00000000ce2f0d4b): kobject_uevent_env [ 1172.216002] CR2: 0000001b30828000 CR3: 00000001cdea5000 CR4: 00000000001426f0 [ 1172.228141] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1172.235478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1172.248530] kobject: 'tx-0' (00000000ce2f0d4b): fill_kobj_path: path = '/devices/virtual/net/ip_vti0/queues/tx-0' [ 1172.258328] Kernel panic - not syncing: Fatal exception [ 1172.263230] kobject: 'kvm' (00000000afdff5f4): kobject_uevent_env [ 1172.265406] Kernel Offset: disabled [ 1172.275232] Rebooting in 86400 seconds..