[  546.188233] CR0=0000000080050033 CR3=00000001b94eb000 CR4=00000000001426e0
[  546.195475] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.207263] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  546.213048] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  546.219466] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  546.225904] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  546.232241] *** Control State ***
[  546.239412] Interruptibility = 00000000  ActivityState = 00000000
[  546.242672] Unknown ioctl 21536
[  546.249066] *** Host State ***
[  546.252723] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  546.257336] RIP = 0xffffffff81212aae  RSP = 0xffff88017f4f7350
[  546.262765] EntryControls=0000d1ff ExitControls=002fefff
[  546.268406] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  546.275814] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  546.282174] Unknown ioctl 21536
[  546.290225] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  546.299125] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  546.303369] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  546.306646] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  546.318042] CR0=0000000080050033 CR3=00000001d22da000 CR4=00000000001426f0
[  546.319693]         reason=80000021 qualification=0000000000000000
[  546.327063] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  546.336257] IDTVectoring: info=00000000 errcode=00000000
[  546.341043] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  546.345375] TSC Offset = 0xfffffed9340e7a04
[  546.345390] EPT pointer = 0x00000001c104c01e
[  546.368186] *** Control State ***
[  546.373341] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  546.382787] EntryControls=0000d1ff ExitControls=002fefff
[  546.391383] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  546.398557] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  546.405625] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  546.412262]         reason=80000021 qualification=0000000000000000
[  546.418578] IDTVectoring: info=00000000 errcode=00000000
[  546.424095] TSC Offset = 0xfffffed9240a0ba5
[  546.428423] EPT pointer = 0x00000001d15ec01e
[  546.482268] *** Guest State ***
[  546.485670] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  546.494673] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  546.503870] CR3 = 0x0000000000000000
[  546.507671] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  546.513735] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  546.519702] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  546.526420] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.534447] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.544638] SS:   sel=0x0000, attr=0x01085, limit=0x00000000, base=0x0000000000000003
[  546.553091] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.561054] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.569337] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.577613] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  546.585907] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.594211] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  546.602933] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  546.610911] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  546.617391] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  546.624885] Interruptibility = 00000000  ActivityState = 00000000
[  546.631104] *** Host State ***
[  546.634342] RIP = 0xffffffff81212aae  RSP = 0xffff88017f11f350
[  546.640325] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  546.646765] FSBase=00007f3d332c8700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  546.654880] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  546.660767] CR0=0000000080050033 CR3=00000001d22da000 CR4=00000000001426f0
[  546.667830] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  546.674556] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  546.680610] *** Control State ***
[  546.684098] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  546.690768] EntryControls=0000d1ff ExitControls=002fefff
[  546.696274] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  546.703230] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  546.710332] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  546.716947]         reason=80000021 qualification=0000000000000000
[  546.723290] IDTVectoring: info=00000000 errcode=00000000
[  546.728725] TSC Offset = 0xfffffed9240a0ba5
[  546.734248] EPT pointer = 0x00000001d15ec01e
22:02:11 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0xe00000000000000, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:11 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xffffdd86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:11 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r4 = getgid()
fstat(0xffffffffffffffff, &(0x7f0000000340))
mount$9p_virtio(&(0x7f0000000140)='/dev/vsock\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB=',posixacl\fcache=loose,mask=^'])
r5 = request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)=',vboxnet0selinux[-%\x00', 0x0)
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea5650e5698477eee8ba9fd88b977fde", 0xdf, 0x0)
add_key(&(0x7f0000000700)='syzkaller\x00', &(0x7f0000000740)={'syz'}, &(0x7f0000000780)="172f4a38482ab179e634b993cc9d41c1f6533efee36a4789cf21e39a2ace56525ed189233133619f909fded5bdf4530f43a0a30d0326334253118465d6", 0x3d, 0xfffffffffffffffd)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz', 0x2}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYBLOB="262e424c4c3a867c32757e8169721c434d0513e0bfca3007a783cf72475503e82f806a292778cccde2493b5205fb88cdd95374edc478d5993e84a0fb13df877ac05f5b4d2982cabc06d2e8e2f8506f294b603b5323c0d8e2c093a93c84c4b1606adc330fbf15912e412574ea06e638df5340f1104a3a8039", @ANYRES32=r4, @ANYRES16=0x0, @ANYPTR64], @ANYPTR64=&(0x7f0000000c00)=ANY=[@ANYRES16=r2, @ANYRES64=r0], @ANYPTR64=&(0x7f0000000c40)=ANY=[@ANYRESHEX=r4, @ANYRES64=r0, @ANYPTR, @ANYRES64=r3, @ANYRES64=r3]]], 0x1, r5)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x50, 0x1)
close(r1)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x3)
writev(r6, &(0x7f0000001400)=[{&(0x7f0000001340)="7564072c0202e48fcfe3be2995a815f44fc447b1a2e1deb1b63d9e8809d7a24becfde84c30f65b8e1cb7b50fbc08caed21186fbb21f82f0415745d332f2612f6b6338502a2170381162df6fb0af9cc3388d28748588bab1b8645fa780545a19582b88477a1dc7d3cfc", 0x69}], 0x1)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0xc17)
clock_gettime(0x0, &(0x7f0000000100))

22:02:11 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x300000000000000)

22:02:11 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$ION_IOC_HEAP_QUERY(r0, 0xc0184908, &(0x7f0000000100)={0x34, 0x0, &(0x7f0000000080)})
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
mq_open(&(0x7f00000001c0)='lovmnet1\x00', 0x42, 0x20, &(0x7f0000000200)={0x100000000, 0x0, 0x6, 0x8, 0x100, 0x2, 0x5, 0x6})
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f0000000240)="66b91c0600000f326766c7442400000000006766c74424029e0fc71e6766c744240600000000670f0114240f01c93e0fc76c0a670f0058ff0f01ca8fc9500193ecbf2ef26d0f12573566660f3a0e259d", 0x50}], 0xe6, 0x0, &(0x7f00000000c0), 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sendto$llc(r1, &(0x7f0000000300)="43b1f63acb1e7e3162e7033be949c53254be31d46bb90ab8573af8cf53464e02d3fb9619ce2d32661d2a377b25d6e1eb8df2d385e5df278d6de2605681c0b1099ed4825244ba0de0bab21d9b1c1900a3b391229d60579366fdfe1ad9817df9b6de9b813f7429ed2e94b50e8d4381423651086e88e0ba", 0x76, 0x4, 0x0, 0x0)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10)
ioctl$KVM_RUN(r7, 0x8090ae81, 0x70e000)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x6, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f00000017c0)=[@in6={0xa, 0x4e23, 0x8, @empty, 0x8}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e23, 0x9, @remote, 0x5}, @in={0x2, 0x4e20, @rand_addr=0x1000}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, [], 0xd}, 0x6}, @in6={0xa, 0x4e24, 0xfffffffffffffff9, @empty, 0x7}], 0xb0)
recvmsg(r3, &(0x7f0000000100)={&(0x7f0000000080)=@ethernet={0x0, @link_local}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000400)=""/235, 0xeb}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/223, 0xdf}, {&(0x7f0000001600)=""/198, 0xc6}], 0x4, &(0x7f0000001700)=""/129, 0x81, 0xfff}, 0x10002)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:11 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xfeffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:11 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mmap(&(0x7f0000013000/0x1000)=nil, 0x1000, 0x4, 0x32, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000003fe8))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r6, 0x84, 0x8, &(0x7f0000013e95), 0x4)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r6, 0x84, 0x6f, &(0x7f0000000300)={0x0, @in={{0x2, 0x0, @rand_addr}}}, &(0x7f00000003c0)=0x98)
close(r6)
close(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  548.922951] *** Guest State ***
[  548.926284] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  548.926299] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  548.926313] CR3 = 0x0000000000000000
22:02:11 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:11 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r4 = getgid()
fstat(0xffffffffffffffff, &(0x7f0000000340))
mount$9p_virtio(&(0x7f0000000140)='/dev/vsock\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB=',posixacl\fcache=loose,mask=^'])
r5 = request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)=',vboxnet0selinux[-%\x00', 0x0)
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea5650e5698477eee8ba9fd88b977fde", 0xdf, 0x0)
add_key(&(0x7f0000000700)='syzkaller\x00', &(0x7f0000000740)={'syz'}, &(0x7f0000000780)="172f4a38482ab179e634b993cc9d41c1f6533efee36a4789cf21e39a2ace56525ed189233133619f909fded5bdf4530f43a0a30d0326334253118465d6", 0x3d, 0xfffffffffffffffd)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz', 0x2}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYBLOB="262e424c4c3a867c32757e8169721c434d0513e0bfca3007a783cf72475503e82f806a292778cccde2493b5205fb88cdd95374edc478d5993e84a0fb13df877ac05f5b4d2982cabc06d2e8e2f8506f294b603b5323c0d8e2c093a93c84c4b1606adc330fbf15912e412574ea06e638df5340f1104a3a8039", @ANYRES32=r4, @ANYRES16=0x0, @ANYPTR64], @ANYPTR64=&(0x7f0000000c00)=ANY=[@ANYRES16=r2, @ANYRES64=r0], @ANYPTR64=&(0x7f0000000c40)=ANY=[@ANYRESHEX=r4, @ANYRES64=r0, @ANYPTR, @ANYRES64=r3, @ANYRES64=r3]]], 0x1, r5)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x50, 0x1)
close(r1)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x3)
writev(r6, &(0x7f0000001400)=[{&(0x7f0000001340)="7564072c0202e48fcfe3be2995a815f44fc447b1a2e1deb1b63d9e8809d7a24becfde84c30f65b8e1cb7b50fbc08caed21186fbb21f82f0415745d332f2612f6b6338502a2170381162df6fb0af9cc3388d28748588bab1b8645fa780545a19582b88477a1dc7d3cfc", 0x69}], 0x1)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0xc17)
clock_gettime(0x0, &(0x7f0000000100))

[  548.984767] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  549.015183] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  549.034305] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  549.048968] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.058026] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.066940] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  549.075661] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:11 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  549.084061] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.093717] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.101854] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  549.113427] *** Guest State ***
[  549.116729] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  549.126655] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  549.135876] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  549.138973] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  549.145530] CR3 = 0x0000000000000000
[  549.155260] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.165418] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  549.171982] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  549.177971] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:12 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x43050000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  549.179886] Interruptibility = 00000000  ActivityState = 00000000
[  549.187886] Unknown ioctl 21536
[  549.195394] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  549.195614] *** Host State ***
[  549.208152] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  549.224614] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.234143] RIP = 0xffffffff81212aae  RSP = 0xffff8801807a7350
[  549.237113] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.249146] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  549.258831] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.267403] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.271910] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  549.284064] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.291580] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  549.293138] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  549.308175] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.310214] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  549.317033] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  549.322797] CR0=0000000080050033 CR3=00000001c9bf7000 CR4=00000000001426e0
[  549.330308] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.337974] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  549.345451] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  549.353906] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  549.360218] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  549.366815] *** Control State ***
[  549.373953] Interruptibility = 00000000  ActivityState = 00000000
[  549.377653] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  549.383644] *** Host State ***
[  549.390572] EntryControls=0000d1ff ExitControls=002fefff
[  549.393981] RIP = 0xffffffff81212aae  RSP = 0xffff88017ee17350
[  549.399396] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  549.405924] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  549.413179] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  549.419323] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  549.426362] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  549.434376] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  549.441259]         reason=80000021 qualification=0000000000000000
[  549.446950] CR0=0000000080050033 CR3=00000001c48b2000 CR4=00000000001426f0
[  549.453481] IDTVectoring: info=00000000 errcode=00000000
[  549.460570] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  549.466332] TSC Offset = 0xfffffed78bf868bf
[  549.472793] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  549.477256] EPT pointer = 0x00000001c61ea01e
[  549.483213] *** Control State ***
[  549.491110] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  549.491122] EntryControls=0000d1ff ExitControls=002fefff
[  549.505227] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  549.512824] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  549.523320] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  549.530033]         reason=80000021 qualification=0000000000000000
[  549.536850] IDTVectoring: info=00000000 errcode=00000000
[  549.542630] TSC Offset = 0xfffffed77ba1a384
[  549.546955] EPT pointer = 0x00000001cc71001e
[  549.602327] *** Guest State ***
[  549.606016] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  549.616144] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  549.625448] CR3 = 0x0000000000000000
[  549.629160] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  549.635200] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  549.641179] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  549.647882] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.656198] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.664520] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  549.672865] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.681983] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.682015] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.698938] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  549.707529] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.715920] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  549.724459] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  549.733748] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  549.740172] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  549.748181] Interruptibility = 00000000  ActivityState = 00000000
[  549.754431] *** Host State ***
[  549.757840] RIP = 0xffffffff81212aae  RSP = 0xffff88017f35f350
[  549.763864] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  549.771254] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  549.779098] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  549.785273] CR0=0000000080050033 CR3=00000001c48b2000 CR4=00000000001426f0
[  549.792320] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  549.799164] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  549.805248] *** Control State ***
[  549.808712] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  549.815416] EntryControls=0000d1ff ExitControls=002fefff
[  549.820882] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  549.828118] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  549.835098] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  549.841657]         reason=80000021 qualification=0000000000000000
[  549.848018] IDTVectoring: info=00000000 errcode=00000000
[  549.853746] TSC Offset = 0xfffffed77ba1a384
[  549.858066] EPT pointer = 0x00000001cc71001e
22:02:14 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0xf5ffffff, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:14 executing program 5:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r4 = getgid()
fstat(0xffffffffffffffff, &(0x7f0000000340))
mount$9p_virtio(&(0x7f0000000140)='/dev/vsock\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB=',posixacl\fcache=loose,mask=^'])
r5 = request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)=',vboxnet0selinux[-%\x00', 0x0)
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz', 0x2}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea5650e5698477eee8ba9fd88b977fde", 0xdf, 0x0)
add_key(&(0x7f0000000700)='syzkaller\x00', &(0x7f0000000740)={'syz'}, &(0x7f0000000780)="172f4a38482ab179e634b993cc9d41c1f6533efee36a4789cf21e39a2ace56525ed189233133619f909fded5bdf4530f43a0a30d0326334253118465d6", 0x3d, 0xfffffffffffffffd)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz', 0x2}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYBLOB="262e424c4c3a867c32757e8169721c434d0513e0bfca3007a783cf72475503e82f806a292778cccde2493b5205fb88cdd95374edc478d5993e84a0fb13df877ac05f5b4d2982cabc06d2e8e2f8506f294b603b5323c0d8e2c093a93c84c4b1606adc330fbf15912e412574ea06e638df5340f1104a3a8039", @ANYRES32=r4, @ANYRES16=0x0, @ANYPTR64], @ANYPTR64=&(0x7f0000000c00)=ANY=[@ANYRES16=r2, @ANYRES64=r0], @ANYPTR64=&(0x7f0000000c40)=ANY=[@ANYRESHEX=r4, @ANYRES64=r0, @ANYPTR, @ANYRES64=r3, @ANYRES64=r3]]], 0x1, r5)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x50, 0x1)
close(r1)
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x3)
writev(r6, &(0x7f0000001400)=[{&(0x7f0000001340)="7564072c0202e48fcfe3be2995a815f44fc447b1a2e1deb1b63d9e8809d7a24becfde84c30f65b8e1cb7b50fbc08caed21186fbb21f82f0415745d332f2612f6b6338502a2170381162df6fb0af9cc3388d28748588bab1b8645fa780545a19582b88477a1dc7d3cfc", 0x69}], 0x1)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000080)=0xc17)
clock_gettime(0x0, &(0x7f0000000100))

22:02:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xb00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x500000000000000)

22:02:14 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040))
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff)
mount(&(0x7f0000000100)=ANY=[@ANYBLOB='/dev/loop0'], &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='squashfs\x00', 0x0, &(0x7f00000003c0)='/dev/dsp\x00')
syz_mount_image$nfs(&(0x7f0000000080)='nfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002580), 0x100001, &(0x7f0000002680)='/dev/loop')
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$BLKTRACESTART(r1, 0x1274, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x5, 0x400000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/prev\x00')
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080)=0x62, &(0x7f00000000c0)=0x4)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x13000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:02:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xffffca88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x100000, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  552.003143] *** Guest State ***
[  552.009958] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  552.050837] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x8100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  552.091703] Unknown ioctl 21536
22:02:15 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x7b, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000000000/0x1000)=nil)
shmctl$IPC_RMID(r0, 0xb)

[  552.113680] CR3 = 0x0000000000000000
[  552.121691] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x301000, 0x0)
getsockopt$IP_VS_SO_GET_INFO(r3, 0x0, 0x481, &(0x7f0000000080), &(0x7f00000000c0)=0xc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:15 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x1400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  552.155094] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  552.166624] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  552.174379] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.191027] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.214306] *** Guest State ***
[  552.220031] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  552.231439] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  552.239751] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  552.241387] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.254791] CR3 = 0x0000000000000000
[  552.260583] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.268722] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.276920] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  552.277242] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  552.285422] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  552.297369] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  552.301655] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  552.314284] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  552.315514] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.321520] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.329744] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  552.338009] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.344133] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  552.352360] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  552.359677] Interruptibility = 00000000  ActivityState = 00000000
[  552.368211] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.374030] *** Host State ***
[  552.382261] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.385290] RIP = 0xffffffff81212aae  RSP = 0xffff8801d8377350
[  552.393510] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.399289] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  552.407525] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  552.413754] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  552.422703] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.430646] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  552.438458] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  552.444194] CR0=0000000080050033 CR3=00000001bd717000 CR4=00000000001426f0
[  552.452475] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  552.459256] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  552.467554] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  552.474011] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  552.481037] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  552.488252] *** Control State ***
[  552.496479] Interruptibility = 00000000  ActivityState = 00000000
[  552.499212] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  552.505690] *** Host State ***
[  552.512212] EntryControls=0000d1ff ExitControls=002fefff
[  552.515624] RIP = 0xffffffff81212aae  RSP = 0xffff88018174f350
[  552.520885] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  552.527255] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  552.533875] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  552.540469] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  552.546994] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  552.555186] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  552.561819]         reason=80000021 qualification=0000000000000000
[  552.567633] CR0=0000000080050033 CR3=00000001c00f8000 CR4=00000000001426f0
[  552.573818] IDTVectoring: info=00000000 errcode=00000000
[  552.583106] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  552.589338] TSC Offset = 0xfffffed5e48e9561
[  552.596313] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  552.600397] EPT pointer = 0x000000018a42801e
[  552.606725] *** Control State ***
[  552.614713] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  552.624909] EntryControls=0000d1ff ExitControls=002fefff
[  552.630497] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  552.637730] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  552.644439] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  552.651023]         reason=80000021 qualification=0000000000000000
[  552.657361] IDTVectoring: info=00000000 errcode=00000000
[  552.662838] TSC Offset = 0xfffffed5c46a91e8
[  552.667162] EPT pointer = 0x00000001cc5c801e
22:02:17 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x4, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:17 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:17 executing program 5:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f})
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 'syz0\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)

22:02:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x10000000)

22:02:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x8000000000000, 0x0, 0x1000, &(0x7f0000031000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000001a000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b811008ed00f32b8010000000f01d99a18ff00002801650f01cb65660f011cadf40000000fc7aca8710000000fc79d285f5e612ef0ff4c2d13c4c2f92513"}], 0xaaaaaaaaaaaaca8, 0xfffffffffffffffe, &(0x7f0000000100)=[@cr4={0x1, 0x400080}], 0xde)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x101, 0x80000)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000040)={{0x20, 0x3}, {0x9, 0x9}, 0x3, 0x0, 0x101})
write$binfmt_misc(r1, &(0x7f0000000200)={'syz0', "437b147e70ce5f53f0ece4cc0ce6c85e0df52b16542d6d0e1bd014d25d1424c99b7ffa0decb4daffe39b2a73c347344991f4fab3ff0856c3d73cd8373cbdc3ef790fda1857d1"}, 0x4a)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:17 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x3, 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:17 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x88480000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:18 executing program 1:
socketpair(0x0, 0x4, 0xfffffffffffffffd, &(0x7f0000000080))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x40, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  555.076604] input: syz1 as /devices/virtual/input/input6
[  555.094428] *** Guest State ***
[  555.112495] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  555.123935] *** Guest State ***
[  555.130281] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  555.142639] input: syz1 as /devices/virtual/input/input7
[  555.143215] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  555.168719] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  555.181737] CR3 = 0x0000000000000000
[  555.185832] CR3 = 0x0000000000000000
[  555.189692] RSP = 0x0000000000000f80  RIP = 0x0000000000008001
[  555.196644] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  555.203274] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  555.209394] Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
[  555.218145] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:02:18 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0xfffffff5, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  555.225077] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.233257] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  555.246376] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.260411] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:18 executing program 1:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000), 0x1c)
r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl(r0, 0x40084149, &(0x7f0000000000))
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
pipe2$9p(&(0x7f0000000300), 0x80000)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r4=>0x0, r1, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30)
get_robust_list(r4, &(0x7f0000000280)=&(0x7f0000000240)={&(0x7f00000001c0)={&(0x7f0000000100)}, 0x0, &(0x7f0000000200)}, &(0x7f00000002c0)=0x18)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x14000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  555.270698] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.280732] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  555.285529] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  555.299426] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.307710] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.316643] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.325832] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  555.328844] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.334439] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  555.351987] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  555.355703] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.360370] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x8848, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  555.368628] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.384916] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  555.394230] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  555.401863] Interruptibility = 00000000  ActivityState = 00000000
[  555.408319] *** Host State ***
[  555.414012] RIP = 0xffffffff81212aae  RSP = 0xffff880187137350
[  555.420842] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  555.421163] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  555.434447] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  555.445201] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.453519] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  555.455035] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  555.461560] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  555.468028] CR0=0000000080050033 CR3=00000001c23d5000 CR4=00000000001426f0
[  555.478339] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  555.490924] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  555.504262] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  555.505514] Interruptibility = 00000008  ActivityState = 00000000
[  555.517611] *** Host State ***
22:02:18 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000040)=0x1, 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10)

[  555.528497] RIP = 0xffffffff81212aae  RSP = 0xffff8801d8377350
[  555.529624] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  555.542300] *** Control State ***
[  555.545867] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  555.547049] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  555.560225] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  555.565888] EntryControls=0000d1ff ExitControls=002fefff
[  555.574785] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  555.581679] CR0=0000000080050033 CR3=00000001bc206000 CR4=00000000001426f0
[  555.599411] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  555.600294] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  555.609200] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  555.614200] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  555.624966] *** Control State ***
[  555.631129] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  555.638082] EntryControls=0000d1ff ExitControls=002fefff
[  555.642923] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  555.644488] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  555.652066]         reason=80000021 qualification=0000000000000000
[  555.657238] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  555.670333] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  555.671957] IDTVectoring: info=00000000 errcode=00000000
[  555.677270]         reason=80000021 qualification=0000000000000000
[  555.682925] TSC Offset = 0xfffffed43e7030db
[  555.688957] IDTVectoring: info=00000000 errcode=00000000
[  555.693365] EPT pointer = 0x00000001d144201e
[  555.698915] TSC Offset = 0xfffffed43dcabf61
[  555.707666] EPT pointer = 0x00000001d2e3201e
[  555.724876] *** Guest State ***
22:02:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x1100)

[  555.728417] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[  555.738988] CR4: actual=0x00000000004020c0, shadow=0x0000000000400080, gh_mask=ffffffffffffe871
[  555.748648] CR3 = 0x0000000000000000
[  555.752778] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  555.758818] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  555.765548] Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
[  555.772595] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[  555.780687] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  555.789328] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  555.797417] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  555.805460] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  555.813455] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  555.821410] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  555.829449] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  555.832301] *** Guest State ***
[  555.837534] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[  555.848845] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.849295] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  555.857243] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[  555.872183] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  555.872193] Interruptibility = 00000008  ActivityState = 00000000
[  555.872196] *** Host State ***
[  555.872208] RIP = 0xffffffff81212aae  RSP = 0xffff8801d8377350
[  555.872236] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  555.886675] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  555.889141] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  555.889153] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  555.889167] CR0=0000000080050033 CR3=00000001bc206000 CR4=00000000001426f0
[  555.889182] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  555.895575] CR3 = 0x0000000000000000
[  555.901576] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  555.901580] *** Control State ***
[  555.901588] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  555.901596] EntryControls=0000d1ff ExitControls=002fefff
[  555.901609] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  555.901617] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
22:02:18 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400, 0x0)

22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:18 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x297, 0x3e6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000240)=""/50)

[  555.901625] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  555.901638]         reason=80000021 qualification=0000000000000000
[  555.911180] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  555.918337] IDTVectoring: info=00000000 errcode=00000000
[  555.918344] TSC Offset = 0xfffffed43dcabf61
[  555.918353] EPT pointer = 0x00000001d2e3201e
[  555.932679] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  555.941896] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:02:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  555.955871] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  555.963933] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.006232] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  556.031708] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.080859] *** Guest State ***
[  556.084447] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  556.094040] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.103874] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.112618] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  556.118772] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:19 executing program 5:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x80, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x40000000000022d, 0x0, &(0x7f0000001380)={0x77359400})

[  556.130016] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  556.145398] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  556.154094] CR3 = 0x0000000000000000
[  556.157816] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  556.157829] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  556.157850] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  556.177097] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.192586] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  556.199076] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  556.207180] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.215263] Interruptibility = 00000000  ActivityState = 00000000
[  556.215267] *** Host State ***
[  556.215279] RIP = 0xffffffff81212aae  RSP = 0xffff88018712f350
[  556.215301] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  556.215316] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  556.223637] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.226080] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  556.231108] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  556.237506] CR0=0000000080050033 CR3=00000001c23d5000 CR4=00000000001426e0
[  556.245767] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.253994] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  556.271909] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.282769] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.298415] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  556.305807] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  556.313498] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.323511] *** Control State ***
[  556.330683] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  556.334787] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  556.340792] EntryControls=0000d1ff ExitControls=002fefff
[  556.345714] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.350939] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  556.359188] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  556.365994] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  556.372631] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  556.379113] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  556.386908] Interruptibility = 00000000  ActivityState = 00000000
[  556.393739]         reason=80000021 qualification=0000000000000000
[  556.399628] *** Host State ***
[  556.405925] IDTVectoring: info=00000000 errcode=00000000
[  556.414630] TSC Offset = 0xfffffed3dbdc64a7
[  556.419075] RIP = 0xffffffff81212aae  RSP = 0xffff8801c076f350
[  556.419080] EPT pointer = 0x00000001c804601e
[  556.425550] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  556.436350] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  556.444397] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  556.450345] CR0=0000000080050033 CR3=00000001cd9f8000 CR4=00000000001426e0
[  556.457773] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  556.464544] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  556.470666] *** Control State ***
[  556.474145] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  556.480830] EntryControls=0000d1ff ExitControls=002fefff
[  556.486688] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  556.493646] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  556.500314] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  556.506931]         reason=80000021 qualification=0000000000000000
[  556.513266] IDTVectoring: info=00000000 errcode=00000000
[  556.518695] TSC Offset = 0xfffffed3b24f5bf7
[  556.523056] EPT pointer = 0x00000001c78a301e
[  556.572336] *** Guest State ***
[  556.575713] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  556.584653] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  556.593512] CR3 = 0x0000000000000000
[  556.597209] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  556.603200] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  556.609170] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  556.615871] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.623889] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.631865] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  556.631882] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.631899] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.655984] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.664013] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  556.672015] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  556.680037] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  556.688114] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  556.696132] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  556.702638] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  556.710095] Interruptibility = 00000000  ActivityState = 00000000
[  556.716339] *** Host State ***
[  556.719533] RIP = 0xffffffff81212aae  RSP = 0xffff88017d3b7350
[  556.725640] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  556.732082] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  556.739871] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  556.745806] CR0=0000000080050033 CR3=00000001cd9f8000 CR4=00000000001426e0
[  556.752846] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  556.759495] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  556.765568] *** Control State ***
[  556.769040] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  556.775734] EntryControls=0000d1ff ExitControls=002fefff
[  556.781198] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  556.788144] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  556.794832] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  556.801391]         reason=80000021 qualification=0000000000000000
[  556.807728] IDTVectoring: info=00000000 errcode=00000000
[  556.813191] TSC Offset = 0xfffffed3b24f5bf7
[  556.817515] EPT pointer = 0x00000001c78a301e
22:02:21 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0xe, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x8864000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:21 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000346fd4)={0x0, 0x0, 0x0, 0x10bd}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x6, 0x5, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x10}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0x3bc, &(0x7f00001a7f05)=""/251}, 0x2e)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x28, &(0x7f0000000040)={0x0, <r3=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={r3, 0x9, 0x8}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f00000001c0), &(0x7f0000000200)="96d76f436e735b91aa8956539195582e72383f4f04a29104aa272a2a6c0346ad62fac70f57ae8c6551befa58ed444fe645768669e3cc30ad4da5adfe82c754bc209d7326cee62bdaa046f3e7d3dd8a903aad3f363fe66156af2b5073313b5276a4b08113167f335ae9b90799569d41b67da2669a714aafb7d36d9f65dfe32b352470563f8128c02333f70776295752aa"}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:21 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r1 = syz_open_pts(r0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}}}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000001340)=""/211, 0xd3}, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0xfee2)
ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17})

22:02:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x100000000000000)

22:02:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9a79, 0x40000)
r2 = getuid()
r3 = getgid()
write$P9_RGETATTR(r1, &(0x7f0000000080)={0xa0, 0x19, 0x2, {0x4, {0x0, 0x4, 0x8}, 0x4, r2, r3, 0x2, 0x6f, 0x8, 0x10001, 0x6, 0x9, 0xffff, 0x4, 0x3f, 0xa1, 0xfffffffffffffffa, 0x9, 0x1000, 0x9a4c, 0x400}}, 0xa0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x121043, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x86ddffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  558.367153] *** Guest State ***
[  558.375115] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  558.410324] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  558.415877] *** Guest State ***
[  558.439850] CR3 = 0x0000000000000000
[  558.448260] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x8060000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  558.448410] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:21 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000040)={0x4001, 0x10000})
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:21 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0xffffffff00000000, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  558.488391] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  558.494132] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  558.505858] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  558.515667] CR3 = 0x0000000000000000
[  558.519389] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  558.540064] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.558699] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  558.572261] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.579990] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  558.587172] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  558.596503] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.604985] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.622171] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x88caffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  558.633343] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.642605] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.653656] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  558.662335] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.671249] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.678143] GDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:21 executing program 5:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000000c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000), 0x12)

[  558.679665] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.695704] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  558.698829] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.716871] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  558.726930] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0xb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:21 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)

[  558.732217] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  558.753280] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  558.770725] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  558.771858] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  558.784657] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  558.797435] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  558.804498] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  558.812670] Interruptibility = 00000000  ActivityState = 00000000
[  558.815322] Interruptibility = 00000000  ActivityState = 00000000
[  558.819943] *** Host State ***
[  558.829045] RIP = 0xffffffff81212aae  RSP = 0xffff88018e9ff350
[  558.852072] *** Host State ***
[  558.854356] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  558.858724] RIP = 0xffffffff81212aae  RSP = 0xffff88018c087350
[  558.862198] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  558.875111] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  558.876683] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  558.882325] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  558.892606] CR0=0000000080050033 CR3=00000001cd123000 CR4=00000000001426f0
[  558.896441] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  558.908839] CR0=0000000080050033 CR3=00000001c7c5c000 CR4=00000000001426e0
[  558.910195] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  558.916012] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  558.923476] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  558.932102] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  558.941530] *** Control State ***
[  558.945132] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  558.945621] *** Control State ***
[  558.955879] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  558.957716] EntryControls=0000d1ff ExitControls=002fefff
[  558.963645] EntryControls=0000d1ff ExitControls=002fefff
[  558.970429] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  558.974146] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  558.982136] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  558.987988] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  558.999500] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  559.001919] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  559.007769]         reason=80000021 qualification=0000000000000000
[  559.014708]         reason=80000021 qualification=0000000000000000
[  559.020681] IDTVectoring: info=00000000 errcode=00000000
[  559.027293] IDTVectoring: info=00000000 errcode=00000000
[  559.032584] TSC Offset = 0xfffffed27aaa4d71
[  559.038262] TSC Offset = 0xfffffed279edaa07
[  559.042732] EPT pointer = 0x00000001b9c7a01e
22:02:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x600000000000000)

22:02:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
clock_gettime(0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000100)=""/6)
utimes(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={{r3, r4/1000+10000}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = dup2(r1, r0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r6, 0x40042409, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:21 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

22:02:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x543, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  559.047043] EPT pointer = 0x00000001b94eb01e
[  559.118847] *** Guest State ***
[  559.122594] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  559.142444] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  559.158194] CR3 = 0x0000000000000000
[  559.176102] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  559.182787] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  559.188872] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  559.197847] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.207569] *** Guest State ***
[  559.213794] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.221915] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  559.223272] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  559.230952] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  559.239124] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.248260] CR3 = 0x0000000000000000
[  559.256745] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.266426] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  559.268345] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.281635] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  559.281859] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  559.287787] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  559.302524] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.304458] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.314595] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.322163] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  559.334855] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.338571] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  559.350987] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.352334] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  559.359818] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.365936] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  559.374119] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.383016] Interruptibility = 00000000  ActivityState = 00000000
[  559.389548] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  559.401537] *** Host State ***
[  559.403524] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  559.408481] RIP = 0xffffffff81212aae  RSP = 0xffff8801b9547350
[  559.420847] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
22:02:22 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3, 0x0, r0}, 0xd3)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x200000000000016b, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3b, 0x0, 0x0, 0x0, 0x7bb}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x5f9dc518, 0x0, 0x0, 0x0, 0x6}, @alu={0x7, 0xffffffffffffffa5, 0x0, 0x3, 0x6153c2b9632f9885, 0x100, 0x10}, @alu={0x7, 0x87d1, 0xe, 0x9, 0x7, 0x40, 0x4}, @call={0x85, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, @alu={0x0, 0xe4, 0x0, 0x9, 0x7, 0x20, 0xfffffffffffffffc}, @ldst={0x3, 0x1, 0x3, 0xf, 0xc, 0xfffffffffffffff0, 0xffffffffffffffff}]}, &(0x7f0000000080)='GPL\x00', 0x6, 0x76, &(0x7f00000001c0)=""/118, 0x41f00, 0x1, [], r3}, 0x3)

[  559.425778] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  559.427521] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  559.435648] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.443434] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  559.456584] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  559.458087] CR0=0000000080050033 CR3=00000001ba133000 CR4=00000000001426f0
[  559.470211] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  559.470856] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  559.479377] Interruptibility = 00000000  ActivityState = 00000000
[  559.491166] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  559.493479] *** Host State ***
[  559.500570] RIP = 0xffffffff81212aae  RSP = 0xffff8801c8867350
[  559.503662] *** Control State ***
[  559.507313] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  559.516652] FSBase=00007f0848ae7700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  559.516702] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  559.525124] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  559.537352] CR0=0000000080050033 CR3=00000001c9a49000 CR4=00000000001426e0
[  559.538280] EntryControls=0000d1ff ExitControls=002fefff
[  559.549528] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  559.550524] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  559.556749] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  559.563983] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  559.569737] *** Control State ***
[  559.576649] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  559.579915] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  559.586740]         reason=80000021 qualification=0000000000000000
[  559.593876] EntryControls=0000d1ff ExitControls=002fefff
[  559.599852] IDTVectoring: info=00000000 errcode=00000000
[  559.605233] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  559.610921] TSC Offset = 0xfffffed211a92021
[  559.618027] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  559.622565] EPT pointer = 0x00000001b94eb01e
[  559.629029] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  559.640010]         reason=80000021 qualification=0000000000000000
[  559.640018] IDTVectoring: info=00000000 errcode=00000000
[  559.640024] TSC Offset = 0xfffffed21342e219
[  559.640032] EPT pointer = 0x00000001ba90f01e
[  559.692408] *** Guest State ***
[  559.695739] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  559.704895] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  559.714033] CR3 = 0x0000000000000000
[  559.717734] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  559.723728] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  559.729703] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  559.736398] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.744396] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.752462] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  559.760442] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.760460] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.776698] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.786405] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  559.794445] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  559.802507] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  559.810473] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  559.818466] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  559.824917] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  559.832567] Interruptibility = 00000000  ActivityState = 00000000
[  559.838802] *** Host State ***
[  559.842009] RIP = 0xffffffff81212aae  RSP = 0xffff88017df1f350
[  559.848037] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  559.854495] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  559.862314] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  559.868188] CR0=0000000080050033 CR3=00000001ba133000 CR4=00000000001426e0
[  559.875231] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  559.881902] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  559.887973] *** Control State ***
[  559.891430] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  559.898119] EntryControls=0000d1ff ExitControls=002fefff
[  559.903610] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  559.910548] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  559.917245] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  559.923837]         reason=80000021 qualification=0000000000000000
[  559.930134] IDTVectoring: info=00000000 errcode=00000000
[  559.935615] TSC Offset = 0xfffffed211a92021
[  559.939948] EPT pointer = 0x00000001b94eb01e
22:02:24 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x4000, &(0x7f0000b36000)}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:24 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:24 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

22:02:24 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)

22:02:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x3f000000)

22:02:24 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x101840, 0x0)
getsockopt$inet6_int(r3, 0x29, 0x7f, &(0x7f0000000200), &(0x7f0000000240)=0x4)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000400)={{{@in=@local, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000000100)=0xe8)
bind$xdp(r3, &(0x7f0000000180)={0x2c, 0x7, r4, 0x22, 0xffffffffffffff9c}, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000000)={0x0, @aes128, 0x2, "012f4d9288a72b11"})
socket$pppoe(0x18, 0x1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x101ff, 0x1, 0x6000, 0x2000, &(0x7f0000004000/0x2000)=nil})

22:02:24 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x14000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  561.631684] *** Guest State ***
[  561.639270] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  561.640424] *** Guest State ***
[  561.649465] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  561.654719] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:24 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  561.680695] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  561.685093] CR3 = 0x0000000000000000
[  561.698308] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  561.709146] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  561.715353] CR3 = 0x0000000000000000
22:02:24 executing program 5:
r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x40, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sigaltstack(&(0x7f0000ffa000/0x3000)=nil, &(0x7f00000000c0))
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={<r3=>0x0, 0x73e9}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={r3}, &(0x7f0000000200)=0x8)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x10, 0xffffffffffffffff, 0x0)
ioctl(0xffffffffffffffff, 0x0, &(0x7f0000001f64))
ioctl$TIOCSBRK(r0, 0x5427)
ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000000240))

[  561.729067] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  561.743110] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  561.747932] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  561.756163] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  561.763893] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.767937] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:24 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88a8ffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:24 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x2c, 0x4)
r1 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000100)=0x6, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @multicast2}}, 0x1c)

[  561.782594] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.794011] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  561.808021] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.819899] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:24 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xffffa888, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  561.828304] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  561.837008] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.845670] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.854155] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.864334] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  561.876331] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.884865] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  561.893591] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.901903] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  561.912221] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  561.923920] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.924355] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.940097] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  561.946111] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  561.956822] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  561.964792] Interruptibility = 00000000  ActivityState = 00000000
[  561.971191] *** Host State ***
[  561.976418] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  561.978332] RIP = 0xffffffff81212aae  RSP = 0xffff880189427350
[  561.984747] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  561.991715] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  562.004053] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  562.004542] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  562.014151] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  562.019994] Interruptibility = 00000000  ActivityState = 00000000
[  562.025667] CR0=0000000080050033 CR3=00000001d8de9000 CR4=00000000001426f0
[  562.031745] *** Host State ***
[  562.039056] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  562.041986] RIP = 0xffffffff81212aae  RSP = 0xffff8801896f7350
[  562.049360] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  562.054863] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  562.061316] *** Control State ***
[  562.067390] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  562.067401] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  562.067416] CR0=0000000080050033 CR3=00000001d3bb0000 CR4=00000000001426e0
[  562.071366] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  562.078790] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  562.084968] EntryControls=0000d1ff ExitControls=002fefff
[  562.091736] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  562.098789] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  562.105188] *** Control State ***
[  562.110900] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  562.116851] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  562.123946] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  562.127317] EntryControls=0000d1ff ExitControls=002fefff
[  562.134195]         reason=80000021 qualification=0000000000000000
[  562.140674] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  562.147455] IDTVectoring: info=00000000 errcode=00000000
[  562.152758] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  562.159318] TSC Offset = 0xfffffed0bac4a9aa
[  562.166183] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  562.171743] EPT pointer = 0x00000001c629901e
[  562.178299]         reason=80000021 qualification=0000000000000000
[  562.189239] IDTVectoring: info=00000000 errcode=00000000
[  562.200089] TSC Offset = 0xfffffed0b91fc62c
[  562.213460] EPT pointer = 0x00000001c58d101e
[  562.242686] *** Guest State ***
[  562.246066] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  562.255107] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  562.263992] CR3 = 0x0000000000000000
[  562.267712] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  562.273734] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  562.279718] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  562.279731] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.279754] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.294448] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  562.294466] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.294484] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.326456] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.334476] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  562.342490] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  562.350464] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  562.358539] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  562.366545] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  562.372987] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  562.380457] Interruptibility = 00000000  ActivityState = 00000000
[  562.386698] *** Host State ***
[  562.389889] RIP = 0xffffffff81212aae  RSP = 0xffff88017f66f350
[  562.395898] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  562.402348] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  562.410152] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  562.416140] CR0=0000000080050033 CR3=00000001d3bb0000 CR4=00000000001426e0
[  562.423272] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  562.429970] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  562.436087] *** Control State ***
[  562.439570] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  562.446300] EntryControls=0000d1ff ExitControls=002fefff
[  562.451752] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  562.458710] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  562.465442] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  562.472064]         reason=80000021 qualification=0000000000000000
[  562.478379] IDTVectoring: info=00000000 errcode=00000000
[  562.484311] TSC Offset = 0xfffffed0b91fc62c
[  562.488624] EPT pointer = 0x00000001c58d101e
22:02:27 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xf5ffffff}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xfffffffffffff000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:27 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x100000002)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f00000004c0)="240000001c002551071c0165ff0ffc020200030000100f000ee1000c08001800a000a000bc0000008f3943793a5ea67658cb22b79489bbdd14f6fd59b97dc8f8b550e66a2bff77c4931da84157f7a733686a22fd8169f6b6b4f464e0c05df670d851f785ea2b85d32b3583d87124da3bb0b9e2cc000000dcce1fb4ac2cbd48c8378a3ad82a5b83c01295723da595c483daabb7e919e204853d48a5a6bd525801d5cae983cf4544a9c4c396f36e85787a8efc32e0015c85ead2b748bc6a5fefc4e53543f9f65e3da31a110af1acb78ce510c7e060f433314f5a171b182deb7904", 0xe0)

22:02:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x80ffff)

22:02:27 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001440)=""/179, 0x6162ba6c}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:27 executing program 4:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r2 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r2, 0x8912, &(0x7f0000000100)="153f6234488dd25d766070")
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000500)=0x4, 0x4)
mount(&(0x7f0000000100)=ANY=[], &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x0, &(0x7f0000000300))
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280)='/dev/zero\x00', 0x20000, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000580)='/dev/sequencer\x00', 0x200400, 0x0)
renameat2(r3, &(0x7f0000000540)='./file0\x00', r4, &(0x7f00000005c0)='./file0\x00', 0x7)
r5 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
lseek(r5, 0xb, 0x1)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000180)={<r8=>0x0, 0x7}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r6, 0x84, 0x6c, &(0x7f0000000400)={r8, 0xd4, "5503f1772283ef3532bab3783785988f08feed0c93f5d7b8a54af1ad44570486dde0a29c6a0bddf61201d234fbe30537b0eda601adeef42fedaa2e3ba2c1c52ae41fcc58ae5837a8f37f91e775f294c6d139200b465c6778085f419c8cfa63aafe27567d5401572e7ca67e3a483ad443965f7231de9911c2723853f255d067e1cd75ef0b4b63e71b555ee9529c4aabb5073a603fd47ab0c87477adf786e9fe722104bbfe1b5b1516d9a752ef936836a65ee185384b5017e775a259def0de8f119c44c6e42750dfaa1f90b38d4a789354eee12485"}, &(0x7f0000000240)=0xdc)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

22:02:27 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000003b00)={<r1=>0x0, <r2=>0x0})
recvmmsg(0xffffffffffffff9c, &(0x7f0000003980)=[{{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000400)=""/236, 0xec}, {&(0x7f0000000080)=""/158, 0x9e}, {&(0x7f0000000200)=""/111, 0x6f}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/239, 0xef}, {&(0x7f0000000000)=""/9, 0x9}, {&(0x7f0000001600)=""/109, 0x6d}, {&(0x7f0000001680)=""/158, 0x9e}], 0x8, &(0x7f00000017c0)=""/185, 0xb9, 0x7}, 0x3f}, {{&(0x7f0000001880)=@pppol2tpv3={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff, {0x2, 0x0, @rand_addr}}}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000001900)=""/114, 0x72}, {&(0x7f0000000180)=""/54, 0x36}, {&(0x7f0000001980)=""/149, 0x95}, {&(0x7f0000001a40)=""/121, 0x79}], 0x4, &(0x7f0000001b00)=""/4096, 0x1000, 0x3f}, 0x10001}, {{&(0x7f0000002b00)=@can, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000002b80)=""/13, 0xd}], 0x1, &(0x7f0000002c00)=""/159, 0x9f, 0x2}, 0x3}, {{&(0x7f0000002cc0)=@pptp, 0x80, &(0x7f0000003100)=[{&(0x7f0000002d40)=""/17, 0x11}, {&(0x7f0000002d80)=""/24, 0x18}, {&(0x7f0000002dc0)=""/211, 0xd3}, {&(0x7f0000002ec0)=""/24, 0x18}, {&(0x7f0000002f00)=""/159, 0x9f}, {&(0x7f0000002fc0)=""/56, 0x38}, {&(0x7f0000003000)=""/204, 0xcc}], 0x7, &(0x7f0000003180)=""/247, 0xf7, 0xffff}, 0x276f}, {{&(0x7f0000003280)=@nfc, 0x80, &(0x7f0000003580)=[{&(0x7f0000003300)=""/171, 0xab}, {&(0x7f00000033c0)=""/137, 0x89}, {&(0x7f0000003480)=""/204, 0xcc}], 0x3, &(0x7f00000035c0)=""/219, 0xdb, 0x670}, 0x6}, {{&(0x7f00000036c0)=@ethernet, 0x80, &(0x7f0000003840)=[{&(0x7f0000003740)=""/207, 0xcf}], 0x1, &(0x7f0000003880)=""/246, 0xf6, 0x27}, 0x200}], 0x6, 0x40000000, &(0x7f0000003b40)={r1, r2+10000000})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000003d00)={0x0, r0, 0x4, 0x100000001, 0x3, 0x7})
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000003b80)={<r4=>0x0, 0x1}, &(0x7f0000003bc0)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000003c00)={r4, 0x6}, 0x8)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
setsockopt$inet_int(r3, 0x0, 0xf, &(0x7f0000003c40)=0x10000, 0x4)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000003c80)=[@in6={0xa, 0x4e21, 0x10000, @empty, 0x80000000}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e20, 0x5, @empty, 0x7f}, @in6={0xa, 0x4e23, 0x4, @remote}, @in6={0xa, 0x4e20, 0xa1, @loopback}], 0x80)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4305000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:27 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c)

[  564.732942] *** Guest State ***
[  564.736767] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  564.747349] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  564.761923] CR3 = 0x0000000000000000
[  564.771051] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8906000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  564.801990] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  564.812299] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:02:27 executing program 5:
mlockall(0x1)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

[  564.844099] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  564.853367] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  564.863569] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  564.863637] *** Guest State ***
[  564.872950] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  564.892773] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  564.901708] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  564.904206] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  564.920010] GDTR:                           limit=0x000007ff, base=0x0000000000001000
22:02:27 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xe}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  564.948241] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  564.954576] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  564.975379] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  564.979100] CR3 = 0x0000000000000000
[  564.984241] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x89060000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  564.992528] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  564.996163] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  565.008314] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  565.019011] Interruptibility = 00000000  ActivityState = 00000000
[  565.031239] *** Host State ***
[  565.032438] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  565.039056] RIP = 0xffffffff81212aae  RSP = 0xffff880182477350
[  565.040573] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  565.051140] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  565.066341] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  565.077806] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.080630] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
22:02:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  565.093720] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.096472] CR0=0000000080050033 CR3=00000001cc69d000 CR4=00000000001426f0
[  565.115140] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  565.122229] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  565.131432] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  565.142555] *** Control State ***
[  565.146191] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  565.148295] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.153802] EntryControls=0000d1ff ExitControls=002fefff
[  565.166853] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  565.167547] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.174585] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  565.191391] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  565.199025] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.211513]         reason=80000021 qualification=0000000000000000
[  565.218342] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  565.223786] IDTVectoring: info=00000000 errcode=00000000
[  565.232093] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.237315] TSC Offset = 0xfffffecf13387350
22:02:28 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x2000000)

[  565.248946] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  565.255122] EPT pointer = 0x00000001b957a01e
[  565.263232] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.279521] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  565.286191] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  565.293788] Interruptibility = 00000000  ActivityState = 00000000
[  565.300527] *** Host State ***
[  565.303848] RIP = 0xffffffff81212aae  RSP = 0xffff88018194f350
[  565.309925] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  565.318691] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  565.326903] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  565.326918] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  565.326936] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  565.352268] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  565.359785] *** Control State ***
[  565.363394] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  565.370639] EntryControls=0000d1ff ExitControls=002fefff
[  565.376263] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  565.383320] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  565.390078] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  565.396813]         reason=80000021 qualification=0000000000000000
[  565.403310] IDTVectoring: info=00000000 errcode=00000000
[  565.408838] TSC Offset = 0xfffffecf04c947bd
[  565.413276] EPT pointer = 0x00000001cdccd01e
[  565.462731] *** Guest State ***
[  565.466294] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  565.475710] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  565.477550] *** Guest State ***
[  565.485134] CR3 = 0x0000000000000000
[  565.488009] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  565.491608] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  565.491618] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  565.491632] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  565.491644] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.491663] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.501032] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  565.507351] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  565.518894] CR3 = 0x0000000000000000
[  565.519670] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.528261] RSP = 0x0000000000000000  RIP = 0x000000000000fff0
[  565.537196] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.544629] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  565.553894] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.556621] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  565.564751] GDTR:                           limit=0x000007ff, base=0x0000000000001000
22:02:28 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3, 0x0, r0}, 0x2c)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000001c0)=""/183)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:28 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x6488, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  565.570569] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.578887] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  565.585395] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.604655] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  565.607418] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  565.620204] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.643662] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.652840] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  565.664732] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  565.678346] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.688079] Interruptibility = 00000000  ActivityState = 00000000
[  565.694678] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.703079] *** Host State ***
[  565.703236] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  565.707167] RIP = 0xffffffff81212aae  RSP = 0xffff880188587350
[  565.714847] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.720601] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  565.729200] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  565.735269] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  565.743675] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  565.752094] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  565.759973] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  565.765693] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426f0
[  565.772425] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  565.779114] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  565.786854] Interruptibility = 00000000  ActivityState = 00000000
[  565.793244] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  565.799666] *** Host State ***
[  565.805638] *** Control State ***
[  565.809141] RIP = 0xffffffff81212aae  RSP = 0xffff88017df1f350
[  565.812322] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  565.818682] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  565.825113] EntryControls=0000d1ff ExitControls=002fefff
[  565.832114] FSBase=00007f3d332a7700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  565.836956] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  565.844984] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  565.851839] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  565.857847] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  565.864330] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  565.871352] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  565.878012]         reason=80000021 qualification=0000000000000000
[  565.885272] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  565.890979] IDTVectoring: info=00000000 errcode=00000000
[  565.897229] *** Control State ***
[  565.902542] TSC Offset = 0xfffffecf04c947bd
[  565.906307] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2
[  565.910354] EPT pointer = 0x00000001cdccd01e
[  565.917249] EntryControls=0000d1ff ExitControls=002fefff
[  565.927281] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  565.934353] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  565.941014] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  565.947979]         reason=80000021 qualification=0000000000000000
[  565.954333] IDTVectoring: info=00000000 errcode=00000000
[  565.959787] TSC Offset = 0xfffffeceafc36fb8
22:02:28 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x500)

22:02:28 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x4000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:28 executing program 5:
r0 = socket$inet6(0xa, 0x21000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000100)="153f6234488dd25d766070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xfff}]}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='dctcp\x00', 0x6)
sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000560e, &(0x7f0000e68000)={0x2, 0x4004e23, @local, [0x40000000, 0x2]}, 0x10)
shutdown(r1, 0x1)

22:02:28 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x8a000, 0x0)
write$P9_RREADDIR(r2, &(0x7f00000002c0)={0xcb, 0x29, 0x2, {0x9, [{{0x0, 0x2, 0x1}, 0x2, 0x6, 0xd, './file0/file0'}, {{0x4, 0x4, 0x4}, 0x1ff, 0x10000, 0x7, './file0'}, {{0x81}, 0x7, 0x5, 0x7, './file0'}, {{0x2, 0x0, 0x4}, 0x2, 0x7, 0x7, './file0'}, {{0x0, 0x3, 0x6}, 0xef24, 0x4, 0x7, './file0'}, {{0x2, 0x3, 0x3}, 0x0, 0x4, 0x7, './file0'}]}}, 0xcb)
creat(&(0x7f00000000c0)='./file0\x00', 0x184)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = creat(&(0x7f0000000000)='./file0\x00', 0x84)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r4, 0x40405515, &(0x7f0000000100)={0x9, 0x1000000000000000, 0x8029, 0x8, '\x00', 0x8001})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000400)={{0x0, 0x5000}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0x0, 0xffffffffffffffff}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000000540)={'filter\x00', 0x8b, "7c0c83ffa3b82a1230b8ef792ac40e3f1870ddf4adeee20d1f6e152e3c6ce74d6b3ae8ca781d3a8e89e9ce86302647ddfa2770595b7a1972ac180be644726c3a0b5b6fcf84018425414160aa52147bea730e73f4ca55c23a6cbc65780418f039af4b8c94aa5af73668e25f9f64ff3963fcac97d21497ebe9d655d66a70cd09f925a6758a7600620299c99a"}, &(0x7f0000000200)=0xaf)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x101240, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:02:28 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88caffff00000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  565.964156] EPT pointer = 0x00000001ba47901e
22:02:28 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88a8ffff00000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:28 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88470000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  566.054427] *** Guest State ***
[  566.054443] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  566.068342] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  566.079653] CR3 = 0x0000000000000000
[  566.084234] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  566.097989] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:02:28 executing program 5:
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x84800)
write$sndseq(r0, &(0x7f0000000100), 0xfffffe39)
ioctl$ASHMEM_SET_PROT_MASK(0xffffffffffffffff, 0x40087705, &(0x7f0000000140))

22:02:29 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xfeffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  566.110952] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  566.123824] *** Guest State ***
[  566.129717] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  566.148850] CS:   sel=0x0000, attr=0x10000, limit=0x00005000, base=0x0000000000000000
22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  566.169677] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  566.186656] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.199808] CR3 = 0x0000000000000000
[  566.205516] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  566.213953] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  566.220808] SS:   sel=0x0000, attr=0x00095, limit=0x00000000, base=0x0000000000000000
[  566.228851] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  566.228872] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.243875] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.252836] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.261504] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.262309] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.277902] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  566.277981] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  566.286512] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.297104] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.302176] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  566.310750] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.318380] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.326739] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.335178] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  566.343068] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  566.349195] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  566.357467] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  566.364819] Interruptibility = 00000000  ActivityState = 00000000
[  566.372969] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  566.378907] *** Host State ***
[  566.387249] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.390209] RIP = 0xffffffff81212aae  RSP = 0xffff8801b9aef350
[  566.398522] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  566.405066] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  566.417227] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  566.417546] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  566.425244] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  566.437721] Interruptibility = 00000000  ActivityState = 00000000
[  566.443570] CR0=0000000080050033 CR3=00000001c22bd000 CR4=00000000001426f0
[  566.445212] *** Host State ***
[  566.451825] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  566.455314] RIP = 0xffffffff81212aae  RSP = 0xffff880191b2f350
[  566.461768] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  566.468194] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  566.474572] *** Control State ***
[  566.480654] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  566.484492] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  566.492489] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  566.498665] EntryControls=0000d1ff ExitControls=002fefff
[  566.509881] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:02:29 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
recvmsg$kcm(r0, &(0x7f0000000fc0)={&(0x7f0000000980)=@xdp={0x2c, 0x0, <r3=>0x0}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000a00)=""/223, 0xdf}, {&(0x7f0000000b00)=""/28, 0x1c}, {&(0x7f0000000b40)=""/49, 0x31}, {&(0x7f0000000b80)=""/108, 0x6c}, {&(0x7f0000000c00)=""/134, 0x86}, {&(0x7f0000000cc0)=""/175, 0xaf}, {&(0x7f0000000d80)=""/173, 0xad}], 0x7, &(0x7f0000000ec0)=""/208, 0xd0, 0x5}, 0x60)
setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000001000)={@mcast1, r3}, 0x14)
getsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000080), &(0x7f0000000100)=0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
socket$kcm(0x29, 0x5, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r4, &(0x7f00000002c0)="734c576632c860578ee8c370929ddd423d80e14623c020d71f87d6eadbdf8aee2f83b2ef303d546f85790a3295c020128e46715be0000000ea7c5c43753d2c703274db360c27506e86697016a8ac8b1c3a19cca25ef567c8c4a29948d1f26e1cbfb397f1a78a5914c89cd6ac7f9f709c36270a9285f0875305525b4841ea7eb1f92d2f04b4a023fe34c063d11e3ed171bf86a38edf64d7feae1db2c39e5c317408eb8f85b6f6a46a8c861ed1c9dd6d05205bea0059b9832daf3902940000000000000000000000", &(0x7f00000003c0)="15fdc9877ddbc839a7c0a179364aebd6b5ea26aa792974cde74524e3ab7799c1a59819f0d9717d19f6ab65be98cd1d98b98f4b4a2aa3b6fcfbc7e5b63a3f1c3b26f038b79eda"}, 0xffffff82)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:29 executing program 5:
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca)
unlink(&(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0x9, 0x18, 0x0, 0xd9, 0x0, 0x7fffffff})
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff)
utime(&(0x7f0000000000)='./file1\x00', &(0x7f00000002c0)={0x0, 0x5})
rmdir(&(0x7f0000000280)='./file1\x00')

[  566.511984] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  566.517578] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  566.524317] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  566.530685] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  566.537611] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  566.545572]         reason=80000021 qualification=0000000000000000
[  566.556532] IDTVectoring: info=00000000 errcode=00000000
[  566.561972] *** Control State ***
[  566.561982] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  566.561989] EntryControls=0000d1ff ExitControls=002fefff
[  566.562539] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  566.571931] TSC Offset = 0xfffffece5acf5058
[  566.575177] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  566.582264] EPT pointer = 0x00000001ba47901e
[  566.586605] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  566.607928]         reason=80000021 qualification=0000000000000000
22:02:29 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x200000000000000)

22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x43050000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:29 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x3f00000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  566.620532] IDTVectoring: info=00000000 errcode=00000000
[  566.626542] TSC Offset = 0xfffffece5e92bbb3
[  566.631452] EPT pointer = 0x00000001c98b501e
22:02:29 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
readahead(r0, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
prctl$setmm(0x23, 0x1, &(0x7f0000ffc000/0x3000)=nil)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/217, 0xd9}, {&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f00000002c0)=""/4096, 0x1000}], 0x3, &(0x7f0000001440)=""/179, 0xb3}, 0xd2}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
setrlimit(0x4000000000000f, &(0x7f0000000040)={0x0, 0x1c00})

22:02:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xfeffffff00000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  566.767989] *** Guest State ***
[  566.782249] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  566.806017] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fallocate(r2, 0x9, 0x7ff, 0x6)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:29 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x800000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  566.823238] CR3 = 0x0000000000000000
[  566.827160] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  566.833553] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  566.839717] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xfeffffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  566.871693] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.894477] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.906563] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  566.924830] *** Guest State ***
[  566.930576] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.938207] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  566.939126] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.955871] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  566.966552] GDTR:                           limit=0x000007ff, base=0x0000000000001000
22:02:29 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  566.967454] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  566.982297] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  566.992869] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  567.000232] CR3 = 0x0000000000000000
[  567.005244] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.014776] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  567.021347] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  567.026781] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  567.029303] Interruptibility = 00000000  ActivityState = 00000000
[  567.046788] *** Host State ***
[  567.053615] RIP = 0xffffffff81212aae  RSP = 0xffff880188227350
[  567.066470] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  567.073093] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  567.073130] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  567.083416] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  567.096538] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  567.102688] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.112334] CR0=0000000080050033 CR3=00000001bbdce000 CR4=00000000001426e0
[  567.126605] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.132229] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  567.141419] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  567.141516] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  567.149890] *** Control State ***
[  567.159292] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  567.166253] EntryControls=0000d1ff ExitControls=002fefff
[  567.171801] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  567.178967] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  567.185919] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  567.192222] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.192702]         reason=80000021 qualification=0000000000000000
[  567.207159] IDTVectoring: info=00000000 errcode=00000000
[  567.212791] TSC Offset = 0xfffffecdff4c3de6
[  567.217208] EPT pointer = 0x00000001cbc0701e
[  567.227756] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.236463] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.244758] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  567.253363] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.261460] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  567.269721] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:30 executing program 5:
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca)
unlink(&(0x7f0000000040)='./file0\x00')
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0x9, 0x18, 0x0, 0xd9, 0x0, 0x7fffffff})
creat(&(0x7f00000000c0)='./file1\x00', 0x0)
clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff)
utime(&(0x7f0000000000)='./file1\x00', &(0x7f00000002c0)={0x0, 0x5})
rmdir(&(0x7f0000000280)='./file1\x00')

22:02:30 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x1000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x12ae000000000000)

[  567.278373] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  567.284999] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  567.293048] Interruptibility = 00000000  ActivityState = 00000000
[  567.299380] *** Host State ***
[  567.302810] RIP = 0xffffffff81212aae  RSP = 0xffff8801be57f350
[  567.324842] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  567.344187] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  567.357122] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  567.367389] CR0=0000000080050033 CR3=00000001c8382000 CR4=00000000001426f0
[  567.375424] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  567.392278] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  567.398782] *** Control State ***
[  567.402760] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  567.409666] EntryControls=0000d1ff ExitControls=002fefff
[  567.415573] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  567.422940] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  567.431724] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  567.439447]         reason=80000021 qualification=0000000000000000
[  567.453413] IDTVectoring: info=00000000 errcode=00000000
[  567.465135] TSC Offset = 0xfffffecde53d1d31
[  567.474277] EPT pointer = 0x00000001c72ea01e
[  567.493950] *** Guest State ***
[  567.497420] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  567.507359] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  567.516736] CR3 = 0x0000000000000000
[  567.522661] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  567.532186] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  567.538340] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  567.546074] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.559655] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.578889] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  567.595500] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.603999] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.619352] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.627950] GDTR:                           limit=0x000007ff, base=0x0000000000001000
22:02:30 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x6, 0x4, 0x3}, 0xfffffd04)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0xfffffffffffffffc, &(0x7f0000000080)={0x77359400})
read$eventfd(r0, &(0x7f0000000040), 0x8)

22:02:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x6)

22:02:30 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x8000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  567.645759] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  567.654749] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  567.686577] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  567.705787] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  567.733859] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  567.752620] Interruptibility = 00000000  ActivityState = 00000000
[  567.759207] *** Host State ***
[  567.779535] RIP = 0xffffffff81212aae  RSP = 0xffff8801be57f350
[  567.790714] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  567.806812] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  567.818413] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  567.824953] CR0=0000000080050033 CR3=00000001c8382000 CR4=00000000001426e0
[  567.832425] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  567.839205] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  567.845717] *** Control State ***
[  567.849271] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  567.857322] EntryControls=0000d1ff ExitControls=002fefff
[  567.863406] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  567.870444] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  567.877570] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  567.884536]         reason=80000021 qualification=0000000000000000
22:02:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x800)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000600)={&(0x7f0000000240), 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0xa8, r6, 0x0, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2e}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x23}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x34}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x0)
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, <r8=>0x0}, &(0x7f0000000200)=0xc)
write$FUSE_ENTRY(r5, &(0x7f0000000400)={0x90, 0x0, 0x5, {0x0, 0x2, 0x8, 0x3, 0x2, 0x2, {0x3, 0x0, 0x2, 0x800, 0x3ff, 0x100000000, 0x10000, 0x0, 0x8, 0x7, 0x1, r7, r8, 0x7, 0xcc9}}}, 0x90)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000640)=0x1)

22:02:30 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000700), 0x0, 0x0, &(0x7f0000000280)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600), 0x1, 0x0, &(0x7f00000000c0)="e1"})

22:02:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8035000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:30 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x2, 0x4, 0x7})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x400000000000000)

[  567.890978] IDTVectoring: info=00000000 errcode=00000000
[  567.896870] TSC Offset = 0xfffffecde53d1d31
[  567.902891] EPT pointer = 0x00000001c72ea01e
22:02:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x806000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  567.962616] binder: 20504:20507 ioctl c0306201 20000040 returned -11
22:02:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x8)

22:02:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:30 executing program 1:
socketpair(0x1, 0x6, 0x3, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
r3 = gettid()
perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x6, 0x7f, 0xffffffff, 0x58, 0x0, 0x70, 0x8000, 0x8, 0x0, 0x8, 0x2cda, 0x4, 0x40, 0x0, 0x6, 0x9, 0x4, 0xbc01, 0x4, 0x1ff, 0x2, 0xc3, 0x0, 0x5, 0x2, 0xfffffffffffffff7, 0x3, 0xffff, 0x8, 0x10000, 0xb0, 0x0, 0x0, 0xc0f, 0xef2, 0x5, 0x0, 0xfffffffffffffffa, 0x5, @perf_bp={&(0x7f0000000040), 0x7}, 0x8000, 0x9f51, 0x344, 0x7, 0x7, 0x1, 0x80}, r3, 0xb, 0xffffffffffffff9c, 0x8)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080), &(0x7f0000000100)=0x4)

22:02:30 executing program 5:
r0 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001700)="92f96847619a1df7defaf7569203110600bbd828", 0x14}], 0x1, &(0x7f0000000600)}}], 0x1, 0x28dc33410d57d92e)

[  568.037168] *** Guest State ***
[  568.042236] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  568.058690] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:31 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x5c000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  568.093258] CR3 = 0x0000000000000000
[  568.098720] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  568.117678] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  568.130577] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  568.148809] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.158399] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.167331] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  568.172479] *** Guest State ***
[  568.175559] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.178960] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  568.187086] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.204194] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.216527] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  568.224739] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.226445] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  568.233469] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  568.249954] CR3 = 0x0000000000000000
[  568.250235] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.254169] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  568.262663] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  568.274966] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  568.278256] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  568.282733] Interruptibility = 00000000  ActivityState = 00000000
[  568.293170] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  568.295756] *** Host State ***
[  568.301605] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.304965] RIP = 0xffffffff81212aae  RSP = 0xffff8801bd6f7350
[  568.313136] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.319223] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  568.327141] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  568.333717] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  568.341577] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.349716] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  568.357797] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.363736] CR0=0000000080050033 CR3=00000001d2d13000 CR4=00000000001426e0
[  568.371562] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.378789] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  568.386849] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  568.393565] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  568.401559] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  568.407879] *** Control State ***
[  568.415768] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  568.419251] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  568.427665] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.434140] EntryControls=0000d1ff ExitControls=002fefff
[  568.442172] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  568.447640] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  568.453964] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  568.461223] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  568.468510] Interruptibility = 00000000  ActivityState = 00000000
[  568.475375] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  568.481458] *** Host State ***
[  568.488688]         reason=80000021 qualification=0000000000000000
[  568.491335] RIP = 0xffffffff81212aae  RSP = 0xffff880180fbf350
[  568.497870] IDTVectoring: info=00000000 errcode=00000000
[  568.503769] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  568.509338] TSC Offset = 0xfffffecd4df466be
[  568.515696] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  568.520166] EPT pointer = 0x00000001c78a301e
[  568.527887] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  568.538947] CR0=0000000080050033 CR3=00000001cd182000 CR4=00000000001426f0
[  568.546057] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  568.553170] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  568.559213] *** Control State ***
[  568.562814] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  568.563265] *** Guest State ***
[  568.569482] EntryControls=0000d1ff ExitControls=002fefff
[  568.569496] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  568.569504] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  568.569512] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  568.569519]         reason=80000021 qualification=0000000000000000
[  568.569526] IDTVectoring: info=00000000 errcode=00000000
[  568.569531] TSC Offset = 0xfffffecd40ac8897
[  568.569546] EPT pointer = 0x00000001cd02e01e
[  568.573368] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  568.587530] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  568.599076] CR3 = 0x0000000000000000
[  568.640802] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  568.640815] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  568.640830] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  568.640846] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.652901] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.652919] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  568.652935] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.652952] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.652969] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.652981] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  568.652999] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  568.653023] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  568.731792] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  568.740160] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  568.746740] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  568.754297] Interruptibility = 00000000  ActivityState = 00000000
[  568.760542] *** Host State ***
[  568.763781] RIP = 0xffffffff81212aae  RSP = 0xffff8801c98d7350
[  568.769806] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  568.776266] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  568.784089] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  568.789969] CR0=0000000080050033 CR3=00000001d2d13000 CR4=00000000001426e0
[  568.797047] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  568.803754] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  568.809802] *** Control State ***
[  568.813653] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  568.820318] EntryControls=0000d1ff ExitControls=002fefff
[  568.825813] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  568.832762] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  568.839408] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  568.846014]         reason=80000021 qualification=0000000000000000
[  568.852360] IDTVectoring: info=00000000 errcode=00000000
[  568.857881] TSC Offset = 0xfffffecd4df466be
[  568.862246] EPT pointer = 0x00000001c78a301e
22:02:33 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xe00}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:33 executing program 5:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000200)='/dev/uinput\x00', 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11)
ioctl$TIOCGLCKTRMIOS(r0, 0x405c5503, &(0x7f0000000000)={0x0, 0x0, 0x2})
ioctl$UI_DEV_SETUP(r0, 0x5501, &(0x7f0000000300)={{}, 'syz1\x00'})

22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x5)

22:02:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x80000, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:33 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x12, 0x100000001, 0x4, 0x200000000003, 0x0, 0xffffffffffffffff, 0x2}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
socket$inet6(0xa, 0x2, 0xfffffffffffff001)

22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  570.717024] input:  as /devices/virtual/input/input8
[  570.732296] *** Guest State ***
[  570.736914] input: failed to attach handler leds to device input8, error: -6
[  570.742454] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  570.770038] input:  as /devices/virtual/input/input9
[  570.776238] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  570.792318] *** Guest State ***
[  570.795634] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  570.796892] CR3 = 0x0000000000000000
[  570.808922] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x81000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  570.818581] input: failed to attach handler leds to device input9, error: -6
[  570.822494] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  570.835639] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  570.845589] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.854445] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.861767] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  570.863310] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  570.880170] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.888726] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.897210] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.902540] CR3 = 0x0000000000000000
[  570.909235] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88640000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  570.912985] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  570.929373] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  570.930825] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.943529] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  570.952877] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  570.961114] EFER =     0x0000000000000000  PAT = 0x0007040600070406
22:02:33 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x8}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:33 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0)
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0x12)
socket$inet_dccp(0x2, 0x6, 0x0)
sendfile(r1, r1, &(0x7f0000000200), 0xfdef)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f0000000180)=0x2, 0x4)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)
r2 = socket$bt_rfcomm(0x1f, 0x0, 0x3)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000480)={0xf878, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e23, @multicast1}, {0x2, 0x4e25, @loopback}, 0x200, 0xfa2a, 0x5, 0x7, 0x54, &(0x7f0000000440)='ip_vti0\x00', 0x100000000, 0x101, 0xa2})
sendmsg(r2, &(0x7f0000000400)={&(0x7f0000000100)=@sco={0x1f, {0x7, 0x5, 0x9, 0xffffffff80000001, 0x7, 0x3}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000240)="7284feb9372022452267f19b283644da4e63a4c722855cf650970d6f224903b8e312d3584a1928dac3cf63399084e4230b976b7d7676ec76b0a20fc407db4d0523878b82a3741681749bb13817fd04121185f0ad501fbcbe07bdc6dfed2dab9cd4873e70dd8e4ab291075d1e2567a4eb8da35263def36c7eba5c65abbad5a13d5dbacf76701874a2d912ba3ce02eb035fc50fc518389f009447386b2690402bd9154b592496bbf7ab3bb18d92a9bef34fc4bf65693427c7cb2ad08c688a9a5cc2f2b93916d7b78cd269e", 0xca}], 0x1, &(0x7f0000000340), 0x0, 0x8000}, 0x10)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={<r3=>0x0, 0xd8}, &(0x7f00000001c0)=0x8)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000340)={r3, 0x9}, &(0x7f0000000500)=0x8)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)={&(0x7f00000003c0)='./file1\x00'}, 0x10)

[  570.967135] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  570.986629] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.005098] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  571.012745] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.023142] Interruptibility = 00000000  ActivityState = 00000000
[  571.029939] *** Host State ***
[  571.037051] RIP = 0xffffffff81212aae  RSP = 0xffff880180c27350
[  571.044425] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  571.052459] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  571.052472] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  571.052483] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
22:02:33 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.052497] CR0=0000000080050033 CR3=00000001cdbff000 CR4=00000000001426e0
[  571.052511] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  571.052522] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  571.052526] *** Control State ***
[  571.052535] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  571.052542] EntryControls=0000d1ff ExitControls=002fefff
[  571.052554] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  571.052562] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  571.052570] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  571.052577]         reason=80000021 qualification=0000000000000000
[  571.052589] IDTVectoring: info=00000000 errcode=00000000
[  571.068191] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.103915] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.116168] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.129927] TSC Offset = 0xfffffecbdbef6ed5
22:02:34 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xfffffff5}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8035, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.137273] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  571.164148] EPT pointer = 0x00000001cb9d601e
[  571.167967] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  571.192272] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  571.206565] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.215108] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  571.221614] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  571.229179] Interruptibility = 00000000  ActivityState = 00000000
[  571.229184] *** Host State ***
[  571.229195] RIP = 0xffffffff81212aae  RSP = 0xffff880180fbf350
[  571.229217] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  571.229235] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  571.267923] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  571.275203] CR0=0000000080050033 CR3=00000001cd067000 CR4=00000000001426f0
[  571.290321] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  571.306415] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  571.313517] *** Control State ***
[  571.317972] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
22:02:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0xffff8000)

22:02:34 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c)
sendmmsg(r0, &(0x7f000000ac80), 0x400021b, 0x0)

[  571.325686] EntryControls=0000d1ff ExitControls=002fefff
[  571.331251] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  571.339126] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  571.346783] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  571.353642]         reason=80000021 qualification=0000000000000000
[  571.359946] IDTVectoring: info=00000000 errcode=00000000
[  571.365459] TSC Offset = 0xfffffecbd920e921
[  571.369776] EPT pointer = 0x00000001bd15801e
[  571.413469] *** Guest State ***
[  571.416938] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  571.426519] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  571.435599] CR3 = 0x0000000000000000
[  571.439501] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  571.445716] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  571.451911] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  571.458834] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.469777] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.478085] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  571.486323] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.494565] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.503271] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.511508] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  571.519805] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  571.528412] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  571.536652] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.545277] EFER =     0x0000000000000000  PAT = 0x0007040600070406
22:02:34 executing program 1:
prctl$getname(0x10, &(0x7f0000000040)=""/42)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f00000001c0)={0x0, 0x0, [0x401, 0x5, 0x0, 0xfff]})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

22:02:34 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xfffffffe}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  571.560812] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  571.572177] Interruptibility = 00000000  ActivityState = 00000000
[  571.603894] *** Host State ***
22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.614408] RIP = 0xffffffff81212aae  RSP = 0xffff8801880a7350
[  571.630582] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  571.645810] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
22:02:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x5ad, 0x608200)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x2200c, 0x4)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = memfd_create(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x4)
ioctl$sock_inet_tcp_SIOCINQ(r5, 0x541b, &(0x7f00000000c0))
syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x34, 0x100)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xd000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.666678] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  571.683090] CR0=0000000080050033 CR3=00000001ce0d2000 CR4=00000000001426f0
[  571.700677] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
22:02:34 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xe00000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  571.727612] *** Guest State ***
[  571.735696] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  571.739027] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:34 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000002c0)=@sack_info={0x0, 0x0, 0x4}, 0xc)
bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0xffffffff)
r2 = accept4(r1, &(0x7f0000000340)=@alg, &(0x7f0000000040)=0x80, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={0x0, 0x2e11}, 0x8)
shutdown(r2, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="40bae8c8b5c56f7bcd33e82b6f0b04e840787a03b0ced75345263e91cd48846a63501b0b64784f4b4767b1a2b370ed818a8e7c838577"], 0x36)
sendmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f00000000c0)='[', 0x1}], 0x1, &(0x7f00000016c0)}, 0x0)

[  571.768107] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  571.778166] CR3 = 0x0000000000000000
[  571.782309] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  571.788465] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  571.792364] *** Control State ***
[  571.794693] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  571.805038] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.807437] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  571.825031] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.827782] EntryControls=0000d1ff ExitControls=002fefff
[  571.845432] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  571.855440] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  571.860490] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  571.867116] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.873319] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  571.881037] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.893157] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.897833]         reason=80000021 qualification=0000000000000000
[  571.901362] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  571.912049] IDTVectoring: info=00000000 errcode=00000000
[  571.921334] TSC Offset = 0xfffffecb7cace269
[  571.925532] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  571.934445] EPT pointer = 0x00000001c80b801e
[  571.946205] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  571.954667] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:34 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x4000000)

22:02:34 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8060000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  571.962938] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  571.977657] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  571.986639] Interruptibility = 00000000  ActivityState = 00000000
[  571.996360] *** Guest State ***
[  572.009166] *** Host State ***
[  572.012394] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  572.012411] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  572.012417] CR3 = 0x0000000000000000
[  572.012425] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  572.012436] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  572.012452] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  572.012465] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.012486] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.012506] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  572.012523] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.012543] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.012562] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.012580] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  572.023845] RIP = 0xffffffff81212aae  RSP = 0xffff88018fc1f350
[  572.032313] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  572.040121] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  572.063396] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  572.092945] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  572.092957] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  572.092971] CR0=0000000080050033 CR3=00000001d3a3b000 CR4=00000000001426f0
[  572.092986] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  572.092997] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  572.093019] *** Control State ***
[  572.109122] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.126154] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  572.153692] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  572.167717] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  572.180852] EntryControls=0000d1ff ExitControls=002fefff
[  572.190788] Interruptibility = 00000000  ActivityState = 00000000
[  572.198523] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  572.204325] *** Host State ***
[  572.209400] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  572.216331] RIP = 0xffffffff81212aae  RSP = 0xffff8801837af350
[  572.222985] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  572.226122] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  572.232831]         reason=80000021 qualification=0000000000000000
[  572.239091] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  572.245698] IDTVectoring: info=00000000 errcode=00000000
[  572.252073] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  572.258119] TSC Offset = 0xfffffecb51cf6755
[  572.266350] CR0=0000000080050033 CR3=00000001cdf96000 CR4=00000000001426f0
[  572.271381] EPT pointer = 0x00000001bda8b01e
[  572.277578] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  572.293909] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  572.306283] *** Control State ***
[  572.309747] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  572.316448] EntryControls=0000d1ff ExitControls=002fefff
[  572.321891] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  572.328871] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  572.335624] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  572.342716]         reason=80000021 qualification=0000000000000000
[  572.349128] IDTVectoring: info=00000000 errcode=00000000
[  572.355109] TSC Offset = 0xfffffecb2c874caa
[  572.359591] EPT pointer = 0x00000001d1db401e
22:02:35 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000040)={0x100000000000000, 0x3000, 0x7ff, 0x3, 0x19})
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:35 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x100000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8847, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:35 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, <r1=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r1}}]})

22:02:35 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2200)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000080)={<r4=>0x0, 0x3d, "7913bed59b74f6ddc6b9f5dcaed85e6c74393523b3623803789825843be920274fd86cbc70f43a518a9d9a7fbcd45198fb198c3820e0736c474f16a591"}, &(0x7f0000000100)=0x115)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYBLOB="020004001f4438a8d3000700"], &(0x7f0000000200)=0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:35 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x3f00000000000000)

22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x689, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  572.482687] *** Guest State ***
[  572.489881] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  572.500237] hfsplus: uid requires an argument
[  572.511884] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  572.522154] CR3 = 0x0000000000000000
[  572.527394] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  572.534682] hfsplus: unable to parse mount options
[  572.541137] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  572.543394] *** Guest State ***
[  572.551470] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  572.569453] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:35 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
exit(0x200)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  572.571524] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.586498] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  572.598043] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.610523] CR3 = 0x0000000000000000
[  572.616700] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  572.624970] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:35 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xfeffffff}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x5c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  572.640388] hfsplus: uid requires an argument
[  572.650214] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  572.666567] hfsplus: unable to parse mount options
[  572.669818] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.673068] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  572.686418] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  572.699391] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.699569] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.708048] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.716862] GDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:35 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, <r1=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r1}}]})

[  572.733853] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  572.742349] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.742425] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.753426] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  572.760184] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.767576] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.774563] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.791563] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  572.798791] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  572.807969] Interruptibility = 00000000  ActivityState = 00000000
[  572.816693] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  572.836150] *** Host State ***
22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  572.842404] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  572.851936] hfsplus: uid requires an argument
[  572.859347] RIP = 0xffffffff81212aae  RSP = 0xffff88018843f350
[  572.865999] hfsplus: unable to parse mount options
[  572.871119] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  572.883728] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8864, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:35 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x3f000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  572.893286] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  572.905940] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  572.918171] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  572.923784] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  572.924755] CR0=0000000080050033 CR3=00000001c379f000 CR4=00000000001426f0
22:02:35 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  572.938205] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  572.945402] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  572.960473] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  572.965922] *** Control State ***
[  572.974846] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  572.984765] EntryControls=0000d1ff ExitControls=002fefff
[  572.990358] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  572.998565] Interruptibility = 00000000  ActivityState = 00000000
[  572.998820] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  573.012225] *** Host State ***
[  573.015526] RIP = 0xffffffff81212aae  RSP = 0xffff880189baf350
[  573.024603] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  573.031599]         reason=80000021 qualification=0000000000000000
[  573.038235] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  573.052365] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  573.056824] IDTVectoring: info=00000000 errcode=00000000
[  573.064096] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  573.073907] CR0=0000000080050033 CR3=00000001bd69a000 CR4=00000000001426f0
[  573.077526] TSC Offset = 0xfffffecae9ca039f
[  573.083937] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  573.092146] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  573.098304] EPT pointer = 0x00000001bc46f01e
[  573.098458] *** Control State ***
[  573.106513] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  573.115070] EntryControls=0000d1ff ExitControls=002fefff
[  573.121247] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  573.128542] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  573.136152] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  573.142892]         reason=80000021 qualification=0000000000000000
[  573.149343] IDTVectoring: info=00000000 errcode=00000000
[  573.154940] TSC Offset = 0xfffffecaea15ee1c
[  573.159403] EPT pointer = 0x00000001cd74101e
22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x608, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:36 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, <r1=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r1}}]})

22:02:36 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x3f00}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  573.286774] hfsplus: uid requires an argument
[  573.295254] hfsplus: unable to parse mount options
22:02:36 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
write$P9_ROPEN(r0, &(0x7f0000000040)={0x18, 0x71, 0x2, {{0x10, 0x3, 0x2}, 0x7f}}, 0x18)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:36 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$midi(&(0x7f0000005340)='/dev/midi#\x00', 0x7, 0x101040)
getsockopt$netlink(r3, 0x10e, 0x0, &(0x7f0000005380)=""/36, &(0x7f00000053c0)=0x24)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:36 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x3000000)

22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:36 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, <r1=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r1}}]})

22:02:36 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x8000000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  573.533334] hfsplus: uid requires an argument
[  573.538366] hfsplus: unable to parse mount options
22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x86ddffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  573.573730] *** Guest State ***
[  573.576301] *** Guest State ***
[  573.583181] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  573.584103] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:36 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  573.626581] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  573.641511] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  573.653131] CR3 = 0x0000000000000000
[  573.656954] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:36 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$TIOCGETD(r0, 0x5424, &(0x7f0000000040))
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:36 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xffffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  573.678769] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  573.678966] CR3 = 0x0000000000000000
[  573.690141] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  573.700916] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  573.722749] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.735371] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  573.738383] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.756432] hfsplus: unable to find HFS+ superblock
[  573.756692] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  573.770071] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:02:36 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4888, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  573.785298] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.793545] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.808105] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.808715] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  573.842267] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.848542] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.850366] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.869424] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  573.877963] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.878114] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.894622] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  573.906747] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.907525] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.922888] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  573.925744] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  573.930970] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  573.938933] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  573.946036] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  573.953261] Interruptibility = 00000000  ActivityState = 00000000
[  573.960971] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  573.967549] *** Host State ***
[  573.975638] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  573.979737] RIP = 0xffffffff81212aae  RSP = 0xffff8801c0687350
[  573.991452] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  573.992222] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  573.998272] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  574.009478] Interruptibility = 00000000  ActivityState = 00000000
[  574.016834] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  574.019599] *** Host State ***
[  574.025952] CR0=0000000080050033 CR3=00000001d2029000 CR4=00000000001426e0
[  574.029348] RIP = 0xffffffff81212aae  RSP = 0xffff8801877ef350
[  574.035998] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  574.041707] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  574.048897] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  574.054950] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  574.061160] *** Control State ***
[  574.068874] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  574.073111] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  574.078633] CR0=0000000080050033 CR3=00000001cf604000 CR4=00000000001426f0
[  574.085337] EntryControls=0000d1ff ExitControls=002fefff
[  574.092132] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  574.097963] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  574.104340] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  574.111261] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  574.117374] *** Control State ***
[  574.124722] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  574.127466] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  574.134297]         reason=80000021 qualification=0000000000000000
[  574.140762] EntryControls=0000d1ff ExitControls=002fefff
[  574.147334] IDTVectoring: info=00000000 errcode=00000000
[  574.152626] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  574.158538] TSC Offset = 0xfffffeca5413ba00
[  574.165209] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  574.169801] EPT pointer = 0x00000001d86dd01e
[  574.176159] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  574.187714]         reason=80000021 qualification=0000000000000000
[  574.191887] *** Guest State ***
[  574.194148] IDTVectoring: info=00000000 errcode=00000000
[  574.198357] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  574.203293] TSC Offset = 0xfffffeca558ecdee
[  574.212183] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  574.216234] EPT pointer = 0x00000001c5da101e
[  574.225640] CR3 = 0x0000000000000000
[  574.233466] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  574.241696] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  574.248069] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  574.254935] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.263023] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.271011] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  574.279048] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.287063] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.295097] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.303091] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  574.311052] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  574.319075] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  574.327071] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.335091] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  574.341513] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  574.348979] Interruptibility = 00000000  ActivityState = 00000000
[  574.355253] *** Host State ***
[  574.358441] RIP = 0xffffffff81212aae  RSP = 0xffff8801c0687350
[  574.364446] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  574.370857] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  574.378709] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  574.384622] CR0=0000000080050033 CR3=00000001d2029000 CR4=00000000001426e0
[  574.391624] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  574.398313] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  574.404381] *** Control State ***
[  574.407815] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  574.414492] EntryControls=0000d1ff ExitControls=002fefff
[  574.419941] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  574.426890] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  574.433569] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
22:02:37 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000001c0)={<r3=>0x0, 0x1000, "6ed467dc79c0e66c07f5b4c24133481d3264a6a1605309cceb21f14f530f2b1a778dba31d58119af5be0c4c7b41bc076c5e766123d74423a74e4af39ce7e7447ccafb03c0dfa5a081974969813e8e4234148e0de05a2ca7d13bc50ab95459a204fca0c886b30eb333033b4b7494db0a9908640f52438aacf45471ab6dd65d0ec174e1087daebc475a1d393d6c7f8854cd0d687d61ad38924e6f63bfc808dab848889edc54976812952c39fd40f302840ec496837a48c6303a43ce89203ba7e6c9d9ae1c81ba6ee99e925df5b461d239c8d700eeacb308b91f5933d5300c3bdf1599cb4d8a16bbb63a288416278f86d7f1ad9529a7ee8d0d48b482f7de35fa28405e8d367e034cb289ec029c229e544912bbc4f3433f059cd4181b4835e2450d0d06a4c634ee146524793acb834322af271db8c26bcb783fd0a690110543962dea8b70491fb2e3275db254c9168f6fbc8ed5d3948524d351a097aed79fcddd8c9e4a3bbd8f7331ef7e396de1b1368799e5c4b63223a0a46264af4fbda4f7c78b71bc8ebcc630b25773c3a9cd259377507b51ae00a3d6563ea1dc3ff14e7a1e5d1476ad2f03650f26a4f45f84d647747ebae49058e3242f4bd505b1f4f872108bab69b672dd4e2f005cc311f11e19e7718a5d12875d39278bcd3a81912171231dcccc46d35befcd2d79a4dc02d3f08bafaac1e951aa5d683d36a1b34d58fca06646851a0e825d41dfc81e17bd749dac217ed56e892aa11ed732eb1fdc4c39a2789c73ee0eb7f65d4a8f0a2527708f6c5d313d11943c29cdb2d86ae0e9dd6ca77ab092289a5499a38e1436779dc18a67be9297f9f8130415f9a878b48daec7ea9699c5539b30838b93d0fbe3d2ead45fb0a2e8b451c2c00000919d5e6312a3f83f02c167c39a454baa2060ebcaff50ff23d9e82db2941a6469a5bec736a51ce7e42b76557ee04976d7c5fb45b13fccbc5271a2749d79300ce06269ff08e93ff9797b6bad270bf1e7624f00412699d37ca9940f7908c657eb1364ce7e8fd76b28b8f66b659026097081990677ee00a9d5e01b2539a87094821b8ced54a40bbeb8c42849ae4de9026ffd59709ef4406b80af2aed088457589d7c1386a747e91c74660b1ce1f033998abd6980d0d44e2e637b4fad628ac1b0bf6ca3b2ef5523ac6e81e6fc7aabbaf7e007eb6c8108696444a91855cbd088d1a6fc32a72e45c3cba2a81d2fde77fb5fc69fd5ab04e71c03110d525ec896da36206fabec4429c53fd16cb757aee94fd7253489dc68d1a645531f4ccb83d38f02751c40b081f11e957ee9af4a314d657741c21c0a87ddb614d966c9ff0aeaa3b3ab277f74c2e58f0d495a9cad500410bb1f7b29d04ba04f60d9df4e219dd0c7b0644c019ebde61e515eee6612cc3f4978af5ee70e9ba4234ecba40aa47c09668c38126dd8f7b6582ef6fa56b8444d0d7fbb270fec623aeb802d73b8c8929172184e34f30b75976650e72c08e15fd5c27668ea4f3587b551d09e0ec31da44f296b2557e7eb220245713c20378670be7a8eee29018fc5c355bf5c1953d05e14f9233526b99eb9da0519ca9b2e32545e2dcaa16f0a5a6492e37fed218d8bb909191a26f98af5875110be7bad81406d709d2780bf79d103c4a9218d0299c8fbeb130d9a0daf6ab6463e5db003b17565d86d32809942c85e437b86440171a94244418b70ea3ad08836a5a0ab633c2d9a3b6e2f577c235357bdb9eebdfc33410f22d410cbb11878336e54379fdca0a5e53816135a84bced59bd471d8538d683d55059ade2551dbe4530c10b32e71a60135c52ed540e1da39a37831471689cdb45cd7d0a602d910ee55b7ae50998df65efae83597a9d4544321f6ae30a7b2b81ea163dbd99cdb8bdb55f208a89846a28adda48a9fcce6e6fd932ac1b514745613ee142fcaa6b166623d1821e838452f21e472769109ea74892fa3585b8f57826b6bba6cb46c4e5a1924dbf67e5e84e7f8bec92a3c7808a6bd9c57f7429cb5ae3db3f314c9424726936276117a3640f1464b6e30315756a20632faa82f6d8597d45eeba042ec330711e220f2e3e613140114d94082b56954fc7a439b6be0dc1f4b464619e9f0358777d1ced9b4b7553e23a4efa0955459d7149e9a3a756eca82479743a8b2fab453ede7842b5f7248307c13ad79b600e5fa58bfb459a61fcd6154ab71ffe14c382e0892934dc6f1e15fcef56888c8589fddcbf34bc44b447ca7d36b76ee7a58c2c033a4060c9d1609df7b1239eed1c80cc4461d8adec2e9428e632145680bc5a9756263151a315b80f89be3c610e23ba4788911f51af923c5cf583905f759e139a1ceff95b2cb1c1d6d80c89220fb5860a6d66f42e4d66b905f2beb557b80bbf7bac6e1f36bb946151cba245ce1f75a5b4382c9be6cd20f7345d396dda1839cf1413fa7839751e250abdcb73a96b73291d9503f191fc5fbbecea493a57cb01b65c1c90d862b5643f4e2f75519be24e18e45c3c263e7a9de53e4fcd5d5c9406f4a053b7883763ab08620e0ce6b6cb247273938259fe96c778cdc55c12c648859aeee7dc31abf0fdae2a7040b8e6776a3826ea9e3317f2c8a26f251fb377444d9e02214b037c5c2154edbfb54cdac97c527985b0715df602a7e463481ad181323a3f118522e3d0c348f44c428501aa9eda0e319da945d31ba29355472b46d12bb4c93cd40bf45b4871a23ca416e9da02e357dc2c4aec65a7dd43c0fe4a46cbdd6e43bfcc877eb7d1d0e1a3ccf75f54766a1f54ef1a3a97f2e9d280bcf532688a8c0bd819aeba6a4183f9529460c6eaa6d117a71e3ffdf26a964bc169724ee02058daafe2c36977e49e2b68d6ebee2f5b8c1225e2105c9c70cf23195ea6ae2016b0721a839d4de1dead09a2f6a060720961151373620b3e3c0485a7fcc6fad58e54e381b581882cf808b8ef02f02ae19f1aeaa68c15e859fecf92ded4b247857ac2afa3f78bce53682c84997419cccc99db1f5c0afebac348c9896733efd7fa64b19157fe0337551a85bfb5ae1fa6318f81dfcb0cdabd55dda95e4ef36273167e21ba875ac275b4e1319f82bbcfb7cc6b299178718040b8a312fed8f4030e9f663ee6921c9d14bdc645c504f49d27535ca9b2a5986a63ad4bfac713c813881bbf1dc0458640cd4050026380bd1df36612d214acf76b5e4ca69e898ce2f3d6650e40fdf7a0796cafc4416e584a9b81f4762ac641940100c030ea80da2e3ea3f9eed738803528cbe0fdc28ac55f1cc623d5cae8aeb66a6a7ee912fa3310d0b89a411d851f8bbcd7295346b2512b96226e0e9bf9f783578dd7e8d4e302296abb2c97eb278b7efecb5c894cef083070a4859e5f2eebda35f66c48a66c41f6d0adc3b13a2ed6d4425255dbaac7965deabafc7ce85513a1fc99fecde85b0bd874582bdc6e79abfca8cbbaf3f819aef7e9d9ed5ea50c58ca62c54e574066bf463313f56a6d5adc8bedec621d80c2a425cecc7af1dfb497137a831765bab91d1fc61e598d9bbb37d88c4b36e640370998c9ce16e5bd4f5deedc13d8f2f357baac03ff2f1aec1ee8b8fbc6a6be48db2d93dcddd948661d2a428cdf048d18026c9281575f52c9ea92d912c8d2a1129e5dd17d832a540e2c179a7fc0cedac05347ba918550bfd1a3025d60d4abf2d2758e93d7cb6f6b58b4934f89bf41bfaf081bd36a8642c6e94beccaecdf6266044dc9fe079a06b8ba01199bcb9b3c1bac564dbeeea0bb360079a2891817d519425962f25742b734d65da238ef709e6a6142b46d48b03951606a0aa52a1981f786d76dfbf365f736b704f5b1e502ca7a86d6fe613f6f44a00e58f3d498c63d6aebe9dac9030fadd079b965db36b1253ba6f7f6940dc9313c8327a2aa4acfadad1570572cc607adeb5d56c80285d228d0448f3a6c1be04c489044aa206480f51a9276138a53c05a48ac549078f9b469b9bd11df30a27c34083ef839b7674a954a522d06f9b9e4a3f9056f82fd4cb004dd68265671698932382443a26867c010d14e411065adf7a832c47eaa6dabbd7b4a8c5f58827a4cc9a06950550cbc2983832df752a7555f0c7d8d2aeffddbbd004cf6ee6bf891f178dde13a463267bc890ea661b56a850276862eaf301ce386f0e803856a43baf183c4b9e5d96f1018d3e51cc27e5a8fa6bed54b67fd6222f20256ea98f0d8b72ffde26e4283f48d418c07599f176f05c50da3ceea2339db051ee3d73dd0ab76c6c0e7ff509da82d9c9cc0034d45d14f0a461991a6d99f34399d85f82148db84f1d40c55095370de30c620e9f3872445f94ef144f90f1cf5b2e8357141bc469e493ab79378d07e556bd1fa8c51479e0d2d6e03ccd61ba44a8ea05ff36f4ccd1813623fb44d480f4873a6451471cf203f807eef8782227e7c30b30438f8ed1454cd028441ad379634527bb415a9f3355043952fbd83a2e1dbb0b69b958a99e40ea4b1c6681003f2b6be6e12eb44cfe98bbc5576fa08d4c5f336875951ee2c56ffd5b24829210ca0e18f89d36d9219420f1a6cec894d35532e51c872fd3895d8e0d27d98212822ea31856816a4a4870862bdd8b7e377ee5f8fb96d386da74df60fb10b1e2d71634b41b01e514d4a2037fe2dfb9735a1998d28cbf6fe12b7aa9e81885ba683ac4bf3b8b631146d562d4c318c289b115acb387398ab5d07d854b6939a995d4a48dda7d3332dd41f5c1acf464c19a470f944073f7aa788f272e545673e69f13b6f705673e82bc5c05a9c02c4b60ecf967c4fcde17143ead44edddb008bc91f3421b2970f715b558a4c8340d4af05bee8d216315aae1c28d5e4ea95a1945bc427e73b1a2c710b08c89c8443c8b2adc735eb1d40b2bb8bc64931b62972bdf489baac613c860407c5aa6243da4e980886c6c39ea86e6cca0622b614938ec8bac64cee59e18ca1d4e66a4fefeb37ed4ffac30115fe9731d25f0510ad1909eb9bb9f239aa461c18b803aa1311c308764739cd6d8e46c242a821d6b78ddb2981f2a57d1f10a995fca113b081122a35406da70e810e6ef5cb1d1bbd5e2ed46c3f6e96dda55f488a0fa004fc1f475a8b914e68377d72a8bce2170501fff78186072419050e917193cc3aaac63854344fad57fb98050ea490017e13f7192620f4a8c263d8e9ed1e0ea7923dde5b6323c44f8d0e08433eb859f7b6cc974683218a0f66a937b9506b9d3c98988a1d82e7b30fa8189a339b8598ccd10e7805599c673af252047dfa65b4590090381861f5a9e1ad7c1bed2aed7d491840ce97769897512c5a23fe69d30ada10efb015fb74e713f87849ffc025a2334d6a60f433fe9fe9b3b81ac703dcacf554bda3c4fa28d55f5295c2c6ff9d8c936219f1c66a01a8cace606aca0e7fd64c1605c3f0099ce5866e8bf2a2723f0b5e6fae4c466a030ca2e89edf316b3ff45dd1b1c03456919244e7520ebbf4df01e7380dbc4a15471b86af6bd9aab8b468cb43644f2227f5bf819e69ca9e8bba4d9aba5d6270c6d5bcab43eb97d408c75ac125db7a146567ad2d33e3cea42250b6ba049a16331206be6d9cc746d5eb11eb77cbd628b205c96da3b3e7928bc08fe644b59b1b6f62ea161cf0d3880a8a0f7db492915914082e5275fa98ce444bdbd70843d4ef15e3628172f0d1adde842a5ed89e928d41d85b47ad10053c4a2fc4711702f6d49aabad0932e8105f8509fca6ad4c0606f547fca14db0e9a33817b69838cbadff59fe6cd6c9e91d32240385a194690c7c3590b8a9a1419533f9726cdca05238bbe8838855a04cbb6a4c940ee0e044d9fe3"}, &(0x7f0000000040)=0x1008)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000001200)={r3, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}}}, 0x84)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:37 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

22:02:37 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:37 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xf5ffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:37 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:37 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x1000000)

[  574.440132]         reason=80000021 qualification=0000000000000000
[  574.446480] IDTVectoring: info=00000000 errcode=00000000
[  574.451926] TSC Offset = 0xfffffeca5413ba00
[  574.456263] EPT pointer = 0x00000001d86dd01e
[  574.515561] hfsplus: unable to find HFS+ superblock
22:02:37 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xf0ffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  574.537036] *** Guest State ***
[  574.540384] *** Guest State ***
[  574.543969] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  574.554209] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  574.562288] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  574.574842] CR3 = 0x0000000000000000
[  574.574852] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:37 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

[  574.574864] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  574.574882] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  574.574894] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.574916] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.574936] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  574.574954] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.574973] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:37 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  574.575002] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.628340] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  574.654476] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  574.675267] hfsplus: unable to find HFS+ superblock
22:02:37 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88480000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:37 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x4000000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  574.676036] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  574.688447] CR3 = 0x0000000000000000
[  574.689930] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  574.698440] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  574.700724] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.716139] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  574.724610] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  574.731621] EFER =     0x0000000000000000  PAT = 0x0007040600070406
22:02:37 executing program 5:
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

[  574.745787] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  574.762521] Interruptibility = 00000000  ActivityState = 00000000
[  574.772276] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.789152] *** Host State ***
[  574.798073] RIP = 0xffffffff81212aae  RSP = 0xffff880188b9f350
[  574.799400] hfsplus: unable to find HFS+ superblock
[  574.805472] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.817283] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  574.827453] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  574.832226] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  574.845630] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.851717] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  574.855897] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.868294] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.868697] CR0=0000000080050033 CR3=00000001c9213000 CR4=00000000001426f0
[  574.879474] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  574.893254] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.901378] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  574.909784] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  574.914308] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  574.923653] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  574.937515] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  574.939903] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  574.952066] Interruptibility = 00000000  ActivityState = 00000000
[  574.953466] *** Control State ***
[  574.958482] *** Host State ***
[  574.965485] RIP = 0xffffffff81212aae  RSP = 0xffff880185b2f350
[  574.966231] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  574.971618] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  574.978531] EntryControls=0000d1ff ExitControls=002fefff
[  574.985289] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  574.990267] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  574.998456] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  575.005333] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  575.011345] CR0=0000000080050033 CR3=00000001bcf0e000 CR4=00000000001426e0
[  575.017868] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  575.025093] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  575.031470]         reason=80000021 qualification=0000000000000000
[  575.038870] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  575.044559] IDTVectoring: info=00000000 errcode=00000000
[  575.050821] *** Control State ***
[  575.056137] TSC Offset = 0xfffffec9d2473ad8
[  575.059896] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  575.063952] EPT pointer = 0x00000001cc6d501e
[  575.070844] EntryControls=0000d1ff ExitControls=002fefff
[  575.081238] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  575.088491] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  575.095502] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  575.103555]         reason=80000021 qualification=0000000000000000
[  575.109951] IDTVectoring: info=00000000 errcode=00000000
[  575.115591] TSC Offset = 0xfffffec9d0296f4f
[  575.120024] EPT pointer = 0x00000001d31f901e
22:02:38 executing program 1:
socketpair(0x0, 0x2200, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x300000a, 0x40050, r2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x100000000000009f, &(0x7f0000001440)=""/179, 0xb3}, 0xfffffffffffffffc}], 0x1, 0x40000000000000, &(0x7f0000001540)={0x77359400})
r4 = accept4$packet(r1, &(0x7f0000000040)={0x11, 0x0, <r5=>0x0}, &(0x7f0000000080)=0x14, 0x80000)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={@loopback, 0x6c, r5})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000200)={0x0, <r6=>0x0}, &(0x7f0000000240)=0xc)
getresgid(&(0x7f0000000280), &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000300))
stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
fsetxattr$system_posix_acl(r0, &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000400)={{}, {0x1, 0x7}, [{0x2, 0x0, r6}], {0x4, 0x2}, [{0x8, 0x2, r7}, {0x8, 0x5, r8}], {0x10, 0x4}, {0x20, 0x1}}, 0x3c, 0x2)
ioctl$RTC_UIE_OFF(r0, 0x7004)

22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4788, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:38 executing program 5:
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

22:02:38 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0xe000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x5000000)

22:02:38 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100), &(0x7f0000000200)=0xfe3c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$unix(0x1, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4000, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x2, r5, 0x1})

[  575.343804] *** Guest State ***
[  575.347256] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  575.356491] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  575.357356] hfsplus: unable to find HFS+ superblock
[  575.376294] CR3 = 0x0000000000000000
[  575.380269] *** Guest State ***
[  575.386178] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:38 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  575.393785] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  575.411723] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  575.423489] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  575.430767] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xd00000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  575.439484] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.450438] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  575.477713] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:02:38 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x40000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:38 executing program 5:
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

[  575.492394] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.511171] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.519928] CR3 = 0x0000000000000000
[  575.524828] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.536806] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8848000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  575.542898] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  575.549152] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  575.557426] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  575.564786] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.572292] hfsplus: unable to find HFS+ superblock
[  575.573112] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.595197] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.602119] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  575.611588] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.620511] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  575.630996] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:38 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x4000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:38 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

22:02:38 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x80350000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  575.639945] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  575.647704] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.656706] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  575.671790] Interruptibility = 00000000  ActivityState = 00000000
[  575.678981] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.701857] *** Host State ***
[  575.705561] RIP = 0xffffffff81212aae  RSP = 0xffff880187e97350
[  575.716390] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  575.743705] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.749511] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  575.766637] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  575.769545] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  575.783115] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  575.794891] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  575.801358] hfsplus: unable to find HFS+ superblock
[  575.807905] CR0=0000000080050033 CR3=00000001cc814000 CR4=00000000001426f0
[  575.815907] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  575.823158] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  575.823470] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  575.829400] *** Control State ***
[  575.836552] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  575.840145] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  575.847387] Interruptibility = 00000000  ActivityState = 00000000
[  575.860235] *** Host State ***
[  575.863605] RIP = 0xffffffff81212aae  RSP = 0xffff88018fd17350
[  575.864070] EntryControls=0000d1ff ExitControls=002fefff
[  575.869916] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  575.875661] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  575.881941] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  575.889202] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  575.916387] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  575.928303]         reason=80000021 qualification=0000000000000000
[  575.930840] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  575.936049] IDTVectoring: info=00000000 errcode=00000000
[  575.944193] CR0=0000000080050033 CR3=00000001cc0d4000 CR4=00000000001426f0
[  575.947133] TSC Offset = 0xfffffec96135d514
[  575.954136] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  575.957849] EPT pointer = 0x00000001c7f6401e
[  575.964325] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  575.964329] *** Control State ***
[  575.964337] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  575.964344] EntryControls=0000d1ff ExitControls=002fefff
22:02:38 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x6000)

[  575.964355] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  575.964364] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  575.964372] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  575.964379]         reason=80000021 qualification=0000000000000000
[  575.964385] IDTVectoring: info=00000000 errcode=00000000
[  575.964391] TSC Offset = 0xfffffec96218b291
[  575.964399] EPT pointer = 0x00000001cd55401e
[  576.023070] *** Guest State ***
[  576.032260] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  576.047722] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  576.058820] *** Guest State ***
[  576.062234] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  576.065382] CR3 = 0x0000000000000000
[  576.071197] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  576.075418] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  576.083858] CR3 = 0x0000000000000000
[  576.090204] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  576.093645] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  576.100078] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  576.114109] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  576.116837] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.128262] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  576.128849] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.135103] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.143505] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  576.153178] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.163065] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.167200] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  576.175536] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.183808] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.192764] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.199885] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.207732] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  576.215350] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.223686] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  576.231354] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  576.239708] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  576.247570] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  576.256071] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.263644] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  576.272140] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  576.279796] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.286549] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  576.300388] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  576.302274] Interruptibility = 00000000  ActivityState = 00000000
[  576.314623] *** Host State ***
[  576.317883] RIP = 0xffffffff81212aae  RSP = 0xffff880186d27350
[  576.321218] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  576.324311] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  576.331451] Interruptibility = 00000000  ActivityState = 00000000
[  576.338259] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  576.344892] *** Host State ***
[  576.352125] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  576.359438] RIP = 0xffffffff81212aae  RSP = 0xffff8801bfe37350
[  576.363557] CR0=0000000080050033 CR3=00000001cc814000 CR4=00000000001426f0
[  576.367186] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  576.374588] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  576.380632] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  576.387654] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  576.395350] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  576.402314] *** Control State ***
[  576.407954] CR0=0000000080050033 CR3=00000001cc0d4000 CR4=00000000001426e0
[  576.411848] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  576.418232] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  576.425284] EntryControls=0000d1ff ExitControls=002fefff
[  576.431667] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  576.437493] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  576.443295] *** Control State ***
[  576.450342] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  576.453766] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  576.460414] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  576.467267] EntryControls=0000d1ff ExitControls=002fefff
[  576.473956]         reason=80000021 qualification=0000000000000000
[  576.479311] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  576.485789] IDTVectoring: info=00000000 errcode=00000000
22:02:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0xf001, 0x1000, &(0x7f0000004000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000080)={0x103006, 0x2, 0x7, 0x3, 0x5})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:39 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x88caffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:39 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x40000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:39 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
openat$cgroup_procs(r1, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000800)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000880)=0xfffffffffffffe56)
lstat(&(0x7f0000000500)='./file0/file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000005c0)={{{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in, 0x4e23, 0x0, 0x4e20, 0x2, 0x2, 0x80, 0x20, 0x0, r3, r4}, {0xffffffffffffffff, 0x9, 0x3, 0xe649, 0xfffffffffffffff9, 0x4, 0x7eb, 0x3}, {0x52796948, 0xc4, 0x8, 0x2}, 0x101, 0x6e6bb8, 0x0, 0x1, 0x1, 0x3}, {{@in6=@loopback, 0x4d5, 0xff}, 0x2, @in=@local, 0x3500, 0x0, 0x1, 0x5ea, 0x9, 0x100, 0x1f}}, 0xe8)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
recvfrom$unix(r0, &(0x7f00000008c0)=""/125, 0x7d, 0x40, &(0x7f0000000940)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00')
sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01072dbd7000fedbdf250f0000004c000300140006000000000000000000000000000000000008000500ac1414151400060000000000000000000000ffff00000000080008000600000008000500ac1414bb08000500e00000021c000200080008000100000008000b000200000008000900050000002000010014000300ac14141b000000000000000000000000080004004e2200000c0002000800030004000000200003001400020076657468310000000000000000000000080003000300000040000300080001000200000014000600fe8000000000000000000000000000aa080007004e2100000800080000000000080003000200000008000100030000000c00030008000500000004010800050080000000"], 0x11c}}, 0x4000010)
setxattr$security_smack_entry(&(0x7f0000000480)='./file0/file0\x00', &(0x7f00000004c0)='security.SMACK64EXEC\x00', &(0x7f00000007c0)="7b776c616e312728707070301a2d1747504c297b00", 0x15, 0x3)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'U-', 0x400}, 0x28, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r5, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000780)={0x17, 0x90, &(0x7f00000006c0)="6c2531647f0908f524fb23cd5567fbef1f535ae6669f2dec72ae4fa3277f132ade7530734efc208451a5300715d4f628fb494f1168b92082bb479f7185a1dabbb4cc2e8984c197e8abead51c4861bf9354cfce890c20e8259d6a8a0a7b0776cd71874d27e434eac7b1310290dc4fdbf0ffaf9df584fa1ef117b9802f01773c37e488f6ce323bbd69852b54e2f657a23c"})
recvmmsg(r2, &(0x7f0000000200)=[{{0x0, 0xffffffffffffff2f, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3, 0x400000}}], 0x1, 0x0, &(0x7f0000001540))

[  576.493120] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  576.498184] TSC Offset = 0xfffffec96135d514
[  576.504846] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  576.509290] EPT pointer = 0x00000001c7f6401e
[  576.515843]         reason=80000021 qualification=0000000000000000
[  576.526644] IDTVectoring: info=00000000 errcode=00000000
[  576.532260] TSC Offset = 0xfffffec9004fe13b
[  576.536667] EPT pointer = 0x00000001d39e801e
22:02:39 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x3)

[  576.576099] hfsplus: unable to find HFS+ superblock
22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:39 executing program 5:
socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140)={0x0, <r0=>0x0}, &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid', 0x3d, r0}}]})

22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  576.666145] hfsplus: unable to find HFS+ superblock
22:02:39 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600))

22:02:39 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x4}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  576.712322] *** Guest State ***
[  576.718843] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:39 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xf3000100, 0x1, &(0x7f0000000000)=[{&(0x7f0000010000)="000000000000000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}])
r3 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x40000)
getsockopt$bt_sco_SCO_CONNINFO(r3, 0x11, 0x2, &(0x7f0000000400)=""/173, &(0x7f0000000180)=0xad)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fcntl$dupfd(r4, 0x0, r4)
setsockopt$bt_rfcomm_RFCOMM_LM(r5, 0x12, 0x3, &(0x7f0000000100)=0x8, 0x4)
ioctl$sock_inet_SIOCGIFPFLAGS(r3, 0x8935, &(0x7f0000000200)={'rose0\x00', 0xb6})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r6=>0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='/dev/kvm\x00'}, 0x30)
fcntl$setown(r2, 0x8, r6)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000004c0)={<r7=>0x0, @in={{0x2, 0x4e20}}, 0x1ff, 0x7f, 0x9, 0x2b2, 0x28}, &(0x7f0000000240)=0x98)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000580)={r7, @in={{0x2, 0x4e22, @broadcast}}}, 0x84)
ioctl$INOTIFY_IOC_SETNEXTWD(r3, 0x40044900, 0x7)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  576.769480] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  576.793172] hfsplus: unable to find HFS+ superblock
[  576.808725] CR3 = 0x0000000000000000
[  576.814278] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x800e0000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:39 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600))

[  576.842228] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  576.848228] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  576.872353] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.880373] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:39 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  576.914904] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  576.930506] hfsplus: unable to find HFS+ superblock
[  576.942523]  loop4: p1 < > p4
[  576.943092] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.958067] *** Guest State ***
[  576.967078] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  576.976949] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.985260] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  576.990878] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  576.993529] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  577.010592] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  577.020566] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  577.028813] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.037426] CR3 = 0x0000000000000000
[  577.041811] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  577.048486] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  577.056302] Interruptibility = 00000000  ActivityState = 00000000
[  577.056306] *** Host State ***
[  577.056319] RIP = 0xffffffff81212aae  RSP = 0xffff880183497350
[  577.056341] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  577.056353] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  577.056364] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  577.056378] CR0=0000000080050033 CR3=00000001c3fff000 CR4=00000000001426e0
[  577.056393] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  577.056405] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  577.056409] *** Control State ***
[  577.056417] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  577.056424] EntryControls=0000d1ff ExitControls=002fefff
[  577.056437] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  577.056446] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  577.056454] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  577.056462]         reason=80000021 qualification=0000000000000000
[  577.056468] IDTVectoring: info=00000000 errcode=00000000
[  577.056474] TSC Offset = 0xfffffec8ad978108
[  577.056482] EPT pointer = 0x00000001c2d8901e
[  577.093959] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  577.144038] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  577.157077] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  577.190296] loop4: p4 start 1854537728 is beyond EOD, truncated
[  577.196914] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.205799] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.216764] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  577.225367] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.233505] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.241498] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.249583] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  577.257723] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.265836] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  577.274070] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.282248] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  577.288735] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  577.288748] Interruptibility = 00000000  ActivityState = 00000000
[  577.302545] *** Host State ***
[  577.305819] RIP = 0xffffffff81212aae  RSP = 0xffff88017f4e7350
[  577.311877] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  577.318408] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  577.326341] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  577.332374] CR0=0000000080050033 CR3=00000001cf39e000 CR4=00000000001426e0
[  577.339493] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  577.346294] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  577.352830] *** Control State ***
[  577.356379] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  577.363210] EntryControls=0000d1ff ExitControls=002fefff
22:02:40 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x54000, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f00000002c0)={@mcast2, <r3=>0x0}, &(0x7f0000000100)=0x14)
setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000001c0)={r3, @dev={0xac, 0x14, 0x14, 0x12}, @local}, 0xc)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r2, 0xc08c5334, &(0x7f0000000200)={0x3, 0x6c9, 0x0, 'queue0\x00', 0x10})
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3, 0x8000000}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:40 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x800000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:40 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xe80, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x231860)

22:02:40 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600))

[  577.368735] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  577.375736] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  577.382505] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  577.389153]         reason=80000021 qualification=0000000000000000
[  577.395556] IDTVectoring: info=00000000 errcode=00000000
[  577.401542] TSC Offset = 0xfffffec89465e204
[  577.406309] EPT pointer = 0x00000001c29db01e
22:02:40 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xffffdd86, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  577.440933] hfsplus: unable to find HFS+ superblock
22:02:40 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:40 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

[  577.613174] hfsplus: unable to find HFS+ superblock
22:02:40 executing program 4:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x101040, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000240)=0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
creat(&(0x7f0000000180)='./file0\x00', 0x101)
r4 = memfd_create(&(0x7f00000000c0)='ppp0Kem0!ppp0:\x00', 0x5)
ioctl$RTC_ALM_SET(r4, 0x40247007, &(0x7f0000000100)={0x2b, 0x0, 0x1, 0x17, 0x5, 0x6, 0x6, 0x15d})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
fsetxattr$trusted_overlay_opaque(r3, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:02:40 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xe000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:40 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="204dbcebd6009f8c700616e82bfde8", 0xf}, {&(0x7f0000000080)="3adaa3ebb8df24390f97f8d64c554a8a71a9681e70b778274ca3d3d7b17e29e3ccb2d72fc2d2b34050ec6e1b39bffab9f96d0baa2ea76d38354c8d31cae98ebd103c108cf6a9c2fa", 0x48}], 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:40 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  577.795467] *** Guest State ***
[  577.799255] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  577.812386] *** Guest State ***
[  577.816113] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  577.825675] CR3 = 0x0000000000000000
[  577.830366] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  577.836193] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  577.836786] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  577.851625] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  577.851811] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  577.858812] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.867742] CR3 = 0x0000000000000000
[  577.875858] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.879835] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  577.888036] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  577.893548] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  577.901739] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.907913] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  577.915910] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.922340] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.930596] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.939088] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.954445] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  577.956419] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  577.962661] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.972398] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.983927] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  577.986924] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  577.994922] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.002940] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.010713] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.018996] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  578.026811] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.033882] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  578.041224] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.048929] Interruptibility = 00000000  ActivityState = 00000000
[  578.056805] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.063288] *** Host State ***
[  578.071063] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  578.074508] RIP = 0xffffffff81212aae  RSP = 0xffff880183707350
[  578.080750] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  578.087050] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  578.094288] Interruptibility = 00000000  ActivityState = 00000000
[  578.100892] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  578.106976] *** Host State ***
[  578.115079] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  578.118053] RIP = 0xffffffff81212aae  RSP = 0xffff88018e9ff350
[  578.124157] CR0=0000000080050033 CR3=00000001cf7a4000 CR4=00000000001426f0
[  578.129928] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  578.137294] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  578.143401] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  578.150368] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  578.158047] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  578.164523] *** Control State ***
[  578.170056] CR0=0000000080050033 CR3=00000001cd167000 CR4=00000000001426e0
[  578.174201] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  578.180674] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  578.187634] EntryControls=0000d1ff ExitControls=002fefff
[  578.194107] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  578.199849] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  578.205748] *** Control State ***
[  578.212953] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  578.216125] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  578.223086] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  578.229561] EntryControls=0000d1ff ExitControls=002fefff
[  578.236440]         reason=80000021 qualification=0000000000000000
[  578.242069] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  578.248504] IDTVectoring: info=00000000 errcode=00000000
[  578.255169] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  578.266692] TSC Offset = 0xfffffec811471aa3
[  578.268375] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  578.271601] EPT pointer = 0x00000001c2f8901e
[  578.278122]         reason=80000021 qualification=0000000000000000
[  578.289467] IDTVectoring: info=00000000 errcode=00000000
22:02:41 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000200)}, 0x20)
recvmmsg(r3, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000000300), 0x34a, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
sendto$inet(r0, &(0x7f0000000280)="2aa22bd82c48ed6e44dc135755c9dfafe934a0ed7074ba5c40175ac99b5cf4fbddda0f1d77", 0x25, 0x8000, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x9}]})
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000100)={<r5=>0x0}, &(0x7f00000001c0)=0xc)
sched_getscheduler(r5)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000200)={0x3, <r6=>0x0, 0x2, 0x5})
ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000240)={0x40, r6})

22:02:41 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

22:02:41 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x800e000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:41 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x3f00}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  578.294990] TSC Offset = 0xfffffec80fd7e3dc
[  578.299323] EPT pointer = 0x00000001d38e801e
[  578.332360] *** Guest State ***
[  578.335737] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  578.348475] hfsplus: unable to find HFS+ superblock
22:02:41 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8100, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x21c0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000000000)={0xfffffffffffffff8, 0x9af3, 0xeec, 0x2, 0x1})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:41 executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f00000001c0)=0xc)
syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f0000000600)={[{@uid={'uid'}}]})

22:02:41 executing program 1:
socketpair(0x0, 0x9720840fa883c656, 0x200000000, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000240)=0x5)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
r4 = accept4$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, &(0x7f0000000140)=0x10, 0x80000)
fcntl$getown(r2, 0x9)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040), 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r4, &(0x7f0000000200)={0x14})

[  578.380398] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  578.413697] CR3 = 0x0000000000000000
[  578.417509] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:41 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xe}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:41 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8906, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  578.483496] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  578.489510] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  578.489716] *** Guest State ***
[  578.514489] hfsplus: unable to find HFS+ superblock
[  578.525263] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.538867] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  578.550722] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.563793] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  578.588974] CR3 = 0x0000000000000000
[  578.593422] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  578.613181] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  578.619031] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  578.620845] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  578.630817] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.634195] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.642569] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.650365] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.658673] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.666774] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  578.675109] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.682596] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.690625] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.698444] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.698461] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.706890] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.714564] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.723260] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.730562] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.739514] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  578.758666] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  578.761882] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  578.773751] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  578.777405] Interruptibility = 00000000  ActivityState = 00000000
[  578.785082] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  578.785093] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  578.785103] Interruptibility = 00000000  ActivityState = 00000000
[  578.785106] *** Host State ***
[  578.785118] RIP = 0xffffffff81212aae  RSP = 0xffff880188a6f350
[  578.785139] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  578.785150] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  578.785161] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  578.785174] CR0=0000000080050033 CR3=00000001c0755000 CR4=00000000001426e0
[  578.785189] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  578.792051] *** Host State ***
[  578.797950] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  578.827423] RIP = 0xffffffff81212aae  RSP = 0xffff880188c17350
[  578.835306] *** Control State ***
[  578.841441] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  578.848327] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  578.864550] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  578.870314] EntryControls=0000d1ff ExitControls=002fefff
[  578.874160] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  578.880210] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  578.887137] CR0=0000000080050033 CR3=00000001cf7a4000 CR4=00000000001426f0
[  578.894763] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  578.900670] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  578.906164] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  578.913298] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  578.920169]         reason=80000021 qualification=0000000000000000
[  578.927124] *** Control State ***
[  578.933523] IDTVectoring: info=00000000 errcode=00000000
[  578.940170] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  578.946206] TSC Offset = 0xfffffec7b41dd16f
[  578.953210] EntryControls=0000d1ff ExitControls=002fefff
[  578.956014] EPT pointer = 0x00000001cc9bf01e
[  578.961445] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:02:41 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x8001}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, {}, {}, {}, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x77b]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)={0x3, 0x0, [{}, {}, {}]})

22:02:41 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xfffffff5}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:41 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8848, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:41 executing program 1:
socketpair(0x0, 0x6, 0x40000000000000, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f00000004c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0xfffffffffffffe25)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
readv(r1, &(0x7f0000000100)=[{&(0x7f0000000040)=""/75, 0x4b}, {&(0x7f00000001c0)=""/210, 0xd2}, {&(0x7f00000002c0)=""/166, 0xa6}], 0x3)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000003c0)={<r4=>0x0, 0x46, "59f9c555d6af9fff77e8c52ce6428ceaeafaf45993fdb6efe086bae5d78c103bc9fe69d73b7025e02aba97aa1493fe9f9729bc4bbdedd63be2bccbd0d9ba7d56b391dae38301"}, &(0x7f0000000140)=0x4e)
getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000440)=@assoc_id=r4, &(0x7f0000000480)=0x4)

22:02:41 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x800000000000006)
ioctl(r0, 0x8912, &(0x7f0000000040)="2ec66234fbffd25d766070")
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0xfffffffbbfffffff, 0x6, 0x0, @buffer={0x0, 0xe9, &(0x7f0000000080)=""/233}, &(0x7f00000002c0)="9b247f9c1793", &(0x7f0000000240)=""/126, 0x0, 0x0, 0x0, &(0x7f0000000480)})
write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[], 0xf6)
read(r1, &(0x7f0000000200)=""/42, 0x2a)

[  578.978762] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  578.989493] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  579.006745]         reason=80000021 qualification=0000000000000000
[  579.013312] IDTVectoring: info=00000000 errcode=00000000
[  579.018768] TSC Offset = 0xfffffec811471aa3
[  579.023126] EPT pointer = 0x00000001c2f8901e
22:02:41 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x800e, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:41 executing program 5:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
mount(&(0x7f0000000180)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='ubifs\x00', 0x0, &(0x7f0000000280)='dctcp\x00')

22:02:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x8080)
getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f00000029c0)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000002ac0)=0xe8)
ioctl$HCIINQUIRY(r4, 0x800448f0, &(0x7f0000002b00)={r5, 0x204700a0, 0x0, 0x6, 0x8001, 0x3ff, 0xfffffffffffffff9})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x7, 0x7, r4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:42 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000001c0)={&(0x7f0000000000)=[0xffffffffffffffb5, 0x5, 0x9, 0x800], 0x4, 0x9432, 0x963, 0x0, 0x7fff, 0x39d, {0x9ae, 0x80000000, 0x2, 0x1000, 0x4, 0x0, 0x9, 0x7, 0x8001, 0x200, 0x2, 0x1f, 0x5bb, 0x7, "93ce35ec24fbb5afed60090c053738cea543c2b8e3582d955b663eac9bbae135"}})
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r1, &(0x7f0000000000), &(0x7f0000000240)="ff8135661fb43cdd9d9ea61ac0d8b3a7ce20cc9d0b33e41739d28c332b007282b85833ee790d6dfe32b30d28176ffbf25d835c9e380485c58fc6e75fdfda8d68026f097485eb4467d0186b05a15f08ea113e87ebb5863872cff17e8bd9a4e2310e9e175832560f7e4f7c3ee0310ecf01e0220625f752a749fea9bc5f3b4f"}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:42 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:42 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4)
sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffd32, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10)
shutdown(r1, 0x1)

[  579.127410] *** Guest State ***
[  579.139867] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  579.148066] UBIFS error (pid: 21104): cannot open "/dev/sg0", error -22
[  579.153070] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  579.195640] CR3 = 0xffffffffffffffff
22:02:42 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xe00000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  579.222459] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  579.242331] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  579.256369] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  579.269329] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.292694] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.303824] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  579.315278] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.328992] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.338281] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.346659] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  579.355121] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.363641] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  579.371709] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.379811] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  579.386319] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  579.393809] Interruptibility = 00000000  ActivityState = 00000000
[  579.400033] *** Host State ***
[  579.403272] RIP = 0xffffffff81212aae  RSP = 0xffff8801bc03f350
[  579.409252] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  579.415712] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  579.423542] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  579.429431] CR0=0000000080050033 CR3=00000001ccaad000 CR4=00000000001426e0
[  579.436496] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  579.443213] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  579.449262] *** Control State ***
[  579.452742] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000ca
[  579.459400] EntryControls=0000d1ff ExitControls=002fefff
[  579.464906] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  579.471826] VMEntry: intr_info=800000c0 errcode=00000000 ilen=00000000
[  579.478519] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  579.485114]         reason=80000021 qualification=0000000000000000
[  579.491411] IDTVectoring: info=00000000 errcode=00000000
[  579.496882] TSC Offset = 0xfffffec75ec8a3df
[  579.501211] EPT pointer = 0x00000001d805201e
[  579.542219] *** Guest State ***
[  579.545550] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  579.554882] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  579.563766] CR3 = 0xffffffffffffffff
[  579.567479] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  579.573478] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  579.579468] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  579.586162] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.594152] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.602186] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  579.610166] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.610189] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.626818] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.635017] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  579.643076] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  579.651051] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  579.659132] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  579.667129] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  579.673614] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  579.681060] Interruptibility = 00000000  ActivityState = 00000000
[  579.687357] *** Host State ***
[  579.690554] RIP = 0xffffffff81212aae  RSP = 0xffff88017dd97350
[  579.696581] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  579.703026] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  579.710902] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  579.716822] CR0=0000000080050033 CR3=00000001ccaad000 CR4=00000000001426e0
[  579.723882] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  579.730544] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  579.736631] *** Control State ***
22:02:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0xffff, 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:42 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xf0ffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:42 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040)="87caa30099aa52242c96f65a4624457930bc9cff351f145c5e4c8e8c449ed293f28867f06ecd9158c838c2e3de00", &(0x7f0000000080)=""/26}, 0x18)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:42 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000080)=0x4)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:42 executing program 5:
pipe2(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x84800)
write$sndseq(r1, &(0x7f0000000100), 0xfffffe39)
perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
read(r0, &(0x7f0000000000)=""/126, 0x1c)

[  579.740082] PinBased=0000003f CPUBased=b5986dfe SecondaryExec=000000ca
[  579.746785] EntryControls=0000d1ff ExitControls=002fefff
[  579.752255] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  579.759203] VMEntry: intr_info=800000c0 errcode=00000000 ilen=00000000
[  579.765916] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  579.772533]         reason=80000021 qualification=0000000000000000
[  579.778836] IDTVectoring: info=00000000 errcode=00000000
[  579.784306] TSC Offset = 0xfffffec75ec8a3df
[  579.788652] EPT pointer = 0x00000001d805201e
22:02:42 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:42 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100010001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:42 executing program 5:
r0 = socket(0x840000000002, 0x3, 0xff)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
sendmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001700)="92f96847619a1df7defaf7569203110600bbd828", 0x14}], 0x1, &(0x7f0000000600)}}], 0x1, 0x0)

22:02:42 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  579.890838] *** Guest State ***
[  579.904580] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  579.917904] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:42 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00')
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000080)={<r3=>0x0, 0x3ff}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={<r4=>r3, 0x6}, &(0x7f0000000180)=0x8)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
getcwd(&(0x7f0000000200)=""/5, 0x5)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000240)={0x7, 0xb588, 0x200, 0x4, 0x1036, 0x31a6, 0x3, 0x6, r4}, 0x20)

[  579.941665] CR3 = 0x0000000000000000
[  579.953000] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  579.972794] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  579.979183] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  580.024659] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.057140] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.067756] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  580.078780] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.087341] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.096185] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.104722] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  580.117112] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.125575] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  580.137581] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.157456] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  580.164352] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  580.176350] Interruptibility = 00000000  ActivityState = 00000000
[  580.183656] *** Host State ***
[  580.186946] RIP = 0xffffffff81212aae  RSP = 0xffff8801b9ea7350
[  580.193313] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  580.199829] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  580.207988] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  580.214285] CR0=0000000080050033 CR3=00000001cf4e4000 CR4=00000000001426e0
[  580.221291] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  580.228003] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  580.234137] *** Control State ***
[  580.237576] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  580.244268] EntryControls=0000d1ff ExitControls=002fefff
[  580.249724] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  580.256707] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  580.263412] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  580.269983]         reason=80000021 qualification=0000000000000000
[  580.276335] IDTVectoring: info=00000000 errcode=00000000
[  580.281781] TSC Offset = 0xfffffec6f462d79a
[  580.286148] EPT pointer = 0x00000001c916d01e
[  580.296845] *** Guest State ***
[  580.300217] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  580.309170] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  580.318075] CR3 = 0x0000000000000000
[  580.321784] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  580.327777] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  580.333801] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  580.340465] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.348503] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.356543] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  580.356566] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.373083] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.381065] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.389181] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  580.397204] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.405390] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  580.413423] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  580.421391] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  580.427842] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  580.435313] Interruptibility = 00000000  ActivityState = 00000000
[  580.441528] *** Host State ***
[  580.444740] RIP = 0xffffffff81212aae  RSP = 0xffff8801b9ea7350
[  580.450713] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  580.457141] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  580.464971] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  580.470857] CR0=0000000080050033 CR3=00000001cf4e4000 CR4=00000000001426e0
[  580.477911] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  580.484954] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  580.491015] *** Control State ***
[  580.494494] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  580.501154] EntryControls=0000d1ff ExitControls=002fefff
[  580.506641] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  580.513608] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  580.520300] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  580.526922]         reason=80000021 qualification=0000000000000000
[  580.533255] IDTVectoring: info=00000000 errcode=00000000
[  580.538685] TSC Offset = 0xfffffec6f462d79a
[  580.543031] EPT pointer = 0x00000001c916d01e
22:02:45 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x3f00000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:45 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
utime(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x6, 0x1})
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000100)={0x0, 0x8, [0x1, 0x200]})

22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:45 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:45 executing program 4:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f000000e000/0x1000)=nil, 0x1000}, &(0x7f00000000c0)=0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:02:45 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000000))
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r4, 0x104)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000001640)=0x3, 0x4)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYRES64=r5], 0x1}}, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x84000)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)
r6 = socket$l2tp(0x18, 0x1, 0x1)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000740)={{{@in=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f0000000840)=0xe8)
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000880)={@mcast1, @local, @dev={0xfe, 0x80, [], 0x12}, 0x2, 0x4, 0xe62, 0x100, 0x9, 0x80000, r7})
setxattr$security_smack_transmute(&(0x7f0000000fc0)='./file0\x00', &(0x7f0000001000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000001040)='TRUE', 0x4, 0x1)
connect$l2tp(r6, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x4}}, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr, 0x0, 0x2b}, 0x0, @in6=@mcast2}}, 0xe8)
sendmmsg(r6, &(0x7f0000005fc0), 0x800000000000059, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x1}})

22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x5c00, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  582.312570] *** Guest State ***
[  582.315893] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x3580, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  582.353490] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  582.369908] CR3 = 0x0000000000000000
[  582.378511] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  582.386684] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  582.408602] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  582.427088] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.439635] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.448248] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:45 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  582.456793] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.465319] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.494790] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  582.533665] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  582.573680] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.602338] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  582.611694] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.629221] EFER =     0x0000000000000000  PAT = 0x0007040600070406
22:02:45 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xb00, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  582.652908] *** Guest State ***
[  582.658931] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  582.666847] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  582.667972] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  582.684227] CR3 = 0x0000000000000000
[  582.688076] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  582.694190] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  582.700672] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  582.707760] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.718195] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.740376] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  582.742219] Interruptibility = 00000000  ActivityState = 00000000
[  582.757358] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.765771] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.773894] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.781977] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  582.790298] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  582.798594] *** Host State ***
[  582.802215] RIP = 0xffffffff81212aae  RSP = 0xffff88017dd97350
[  582.809383] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  582.817669] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  582.824379] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  582.832405] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  582.832513] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  582.838534] CR0=0000000080050033 CR3=00000001cbef8000 CR4=00000000001426e0
[  582.846749] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  582.854137] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  582.860368] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  582.867109] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  582.874757] Interruptibility = 00000000  ActivityState = 00000000
[  582.880712] *** Control State ***
[  582.886830] *** Host State ***
[  582.891085] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  582.893620] RIP = 0xffffffff81212aae  RSP = 0xffff88017fa77350
[  582.900538] EntryControls=0000d1ff ExitControls=002fefff
[  582.906366] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  582.912303] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  582.918647] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  582.925506] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  582.933105] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  582.940092] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  582.945710] CR0=0000000080050033 CR3=00000001cd74c000 CR4=00000000001426f0
[  582.952635]         reason=80000021 qualification=0000000000000000
[  582.959392] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  582.966261] IDTVectoring: info=00000000 errcode=00000000
[  582.972512] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  582.978246] TSC Offset = 0xfffffec5a8a9588c
[  582.984151] *** Control State ***
[  582.988928] EPT pointer = 0x00000001d3fd901e
[  582.991938] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  583.003088] EntryControls=0000d1ff ExitControls=002fefff
[  583.003111] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  583.003125] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  583.015539] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  583.028810]         reason=80000021 qualification=0000000000000000
[  583.028818] IDTVectoring: info=00000000 errcode=00000000
[  583.028824] TSC Offset = 0xfffffec5a629f4c6
[  583.028833] EPT pointer = 0x00000001cd6e201e
[  583.037387] *** Guest State ***
[  583.055355] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  583.065944] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  583.075262] CR3 = 0x0000000000000000
[  583.079124] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  583.085297] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  583.091274] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  583.098654] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.106755] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.114851] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  583.122875] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.130863] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.138955] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.147046] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  583.155086] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.163117] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  583.171089] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  583.179094] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  583.185551] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  583.193045] Interruptibility = 00000000  ActivityState = 00000000
[  583.199279] *** Host State ***
[  583.202521] RIP = 0xffffffff81212aae  RSP = 0xffff88017dd97350
[  583.208509] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  583.215073] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  583.222933] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  583.228813] CR0=0000000080050033 CR3=00000001cbef8000 CR4=00000000001426e0
[  583.235860] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  583.242564] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  583.248609] *** Control State ***
[  583.252128] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  583.258790] EntryControls=0000d1ff ExitControls=002fefff
[  583.264277] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  583.271206] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  583.277924] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  583.284531]         reason=80000021 qualification=0000000000000000
[  583.290834] IDTVectoring: info=00000000 errcode=00000000
[  583.296314] TSC Offset = 0xfffffec5a8a9588c
[  583.300637] EPT pointer = 0x00000001d3fd901e
22:02:48 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xffffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:48 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x100, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000180)={<r3=>0x0, 0x8001, 0x4, [0x8, 0x1, 0x3, 0x5]}, &(0x7f00000001c0)=0x10)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={r3, 0xc1a4, 0x0, 0x5, 0x5, 0xcb}, &(0x7f0000000240)=0x14)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

22:02:48 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040)=ANY=[@ANYRES32=<r4=>0x0, @ANYBLOB="61000000c0d0827c9d22419ca55d42bded602716c628ead2da40c9d10b3ce381f4a378960f18ee5ec15e2de2459e539b70ed4e3b25be8593705c5ddbbdb57d14dcbcae18fd09eb657c26a93f9a3a0d1e6fb12bb951f5cc6ec0000000000000000000000000"], &(0x7f0000000100)=0x69)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={<r5=>r4, 0xffffffffffffff67}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000240)=r5, 0x4)

22:02:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
setsockopt$inet6_dccp_buf(r0, 0x21, 0x0, &(0x7f0000000080)="9cdf70205e1b0f5cbd62fcf3622854facf4cb9", 0x13)
r3 = memfd_create(&(0x7f0000000100)='}\x00', 0x6)
getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000180), &(0x7f0000000200)=0xc)
ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000240)={'syz_tun\x00', {0x2, 0x4e23, @broadcast}})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f0000000540)={0x8, 0x4, 0xfff, 'queue1\x00', 0xba60})
write$P9_RFLUSH(r0, &(0x7f0000000000)={0x7, 0x6d, 0x1}, 0x7)
ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000600)=""/50)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x329180, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000400)={{0x17000, 0x100000, 0x9, 0xa3, 0x8, 0x7, 0x5, 0x6067, 0x8, 0x5, 0x3f, 0x7fffffff}, {0xd000, 0xf000, 0x0, 0x0, 0x4, 0x6, 0x6, 0x6b, 0x6, 0xa5d0000, 0x10001, 0x8001}, {0xf000, 0xf000, 0xf, 0x7e9f, 0xffffffff, 0xfffffffffffffffe, 0x200, 0x1, 0x4, 0x100000000, 0x80, 0x20}, {0x1, 0x100004, 0x4, 0x1, 0x4, 0x6, 0x9, 0x5, 0x1f, 0x0, 0x9, 0x20}, {0x2001, 0x6000, 0x8, 0x20, 0x401, 0x1fc00000000, 0x0, 0x0, 0x4b, 0x8, 0x0, 0x8}, {0x6000, 0xf000, 0xe, 0x4, 0xfffffffffffff7be, 0x400, 0xf4, 0x4, 0xff, 0x4, 0x80}, {0x0, 0x2000, 0x0, 0x3, 0xfff, 0x9, 0x7, 0x8b5d, 0xbaa, 0x0, 0xb47b}, {0x4, 0x0, 0x10, 0x0, 0x3f, 0x6dec, 0xfffffffffffffff8, 0x1, 0x7, 0x10000, 0x8}, {0x0, 0x5002}, {0xf002, 0x4000}, 0x40000000, 0x0, 0x10000, 0x40000, 0x8, 0x1000, 0x0, [0x8, 0x0, 0x0, 0x10001]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xffffca88, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.356438] *** Guest State ***
[  585.359756] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  585.382319] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  585.391636] *** Guest State ***
[  585.394079] CR3 = 0x0000000000000000
[  585.398850] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8864000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.406309] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  585.412752] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  585.413435] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  585.425650] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:48 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)

[  585.452237] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  585.462863] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.472165] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  585.484782] CR3 = 0x0000000000000000
[  585.490919] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.496058] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x86ddffff00000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.514188] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  585.523246] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  585.535176] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.552460] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:48 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xfeffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0xb00000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.560457] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.573174] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.581786] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  585.590132] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.598917] GDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:48 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)

[  585.608768] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.625306] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.633929] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.641983] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  585.650147] GDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x8847000000000000, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.658639] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.671291] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.686710] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  585.693762] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  585.702105] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
22:02:48 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x806, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  585.717534] Interruptibility = 00000000  ActivityState = 00000000
[  585.723988] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  585.742228] *** Host State ***
[  585.746055] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  585.752704] RIP = 0xffffffff81212aae  RSP = 0xffff8801c076f350
[  585.758702] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  585.766678] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  585.774229] Interruptibility = 00000000  ActivityState = 00000000
[  585.780563] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  585.788528] *** Host State ***
[  585.791788] RIP = 0xffffffff81212aae  RSP = 0xffff88017dd97350
[  585.802223] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  585.808144] CR0=0000000080050033 CR3=00000001c461b000 CR4=00000000001426e0
[  585.818973] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  585.825506] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  585.833395] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  585.833871] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  585.839342] CR0=0000000080050033 CR3=00000001baa41000 CR4=00000000001426e0
[  585.853216] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  585.859985] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  585.866335] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  585.872625] *** Control State ***
[  585.876140] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  585.882993] EntryControls=0000d1ff ExitControls=002fefff
[  585.883338] *** Control State ***
[  585.888526] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  585.892495] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  585.898958] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  585.906212] EntryControls=0000d1ff ExitControls=002fefff
[  585.912338] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  585.912346]         reason=80000021 qualification=0000000000000000
[  585.912352] IDTVectoring: info=00000000 errcode=00000000
[  585.912358] TSC Offset = 0xfffffec404b4be5e
[  585.912367] EPT pointer = 0x00000001cec9201e
[  585.931705] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  585.940918] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  585.940926] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  585.940934]         reason=80000021 qualification=0000000000000000
[  585.940941] IDTVectoring: info=00000000 errcode=00000000
[  585.940947] TSC Offset = 0xfffffec405b9b611
[  585.940956] EPT pointer = 0x00000001cebaa01e
[  585.972300] *** Guest State ***
[  585.982265] *** Guest State ***
[  585.989799] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  585.999248] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  586.003117] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  586.011334] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  586.019765] CR3 = 0x0000000000000000
[  586.028947] CR3 = 0x0000000000000000
[  586.032369] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  586.036286] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  586.042229] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  586.054191] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  586.060956] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.069119] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.069497] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  586.077267] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  586.091459] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.097268] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  586.100821] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.106653] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.114817] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.122702] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.130343] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  586.139644] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  586.146489] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  586.154771] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.162769] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.172116] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.178466] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.191328] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.195178] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  586.202885] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  586.209143] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  586.217788] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  586.225200] Interruptibility = 00000000  ActivityState = 00000000
[  586.238660] *** Host State ***
[  586.241922] RIP = 0xffffffff81212aae  RSP = 0xffff880186c97350
[  586.244596] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.248519] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  586.260456] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.263947] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  586.270562] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  586.278352] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  586.285497] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  586.290694] CR0=0000000080050033 CR3=00000001baa41000 CR4=00000000001426e0
[  586.298642] Interruptibility = 00000000  ActivityState = 00000000
[  586.305485] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  586.311630] *** Host State ***
[  586.318299] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  586.322154] RIP = 0xffffffff81212aae  RSP = 0xffff8801c41ff350
[  586.327570] *** Control State ***
[  586.333783] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  586.336979] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  586.343685] FSBase=00007f0848ae7700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  586.350114] EntryControls=0000d1ff ExitControls=002fefff
[  586.358282] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  586.363408] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  586.369652] CR0=0000000080050033 CR3=00000001c461b000 CR4=00000000001426e0
[  586.376722] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  586.383491] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  586.390065] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  586.396856] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  586.403358]         reason=80000021 qualification=0000000000000000
[  586.409512] *** Control State ***
[  586.415839] IDTVectoring: info=00000000 errcode=00000000
[  586.419370] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  586.424744] TSC Offset = 0xfffffec404b4be5e
[  586.431564] EntryControls=0000d1ff ExitControls=002fefff
[  586.435834] EPT pointer = 0x00000001cec9201e
[  586.441381] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  586.452993] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  586.461959] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
22:02:49 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x101000, 0x0)
sendto$inet6(r3, &(0x7f0000000080)="7490ff2728545d93e0eff4bcc53932a2bf9926409f09022df709d474181549859344663f55d519e9355752fda7d521bd612baeb1d97770756d7ca75e9d691fd55392213f1d66a3d95e53b52fd19a9dede0e40e39285371f5cb997d866d8cb66942344c09e37b8bf0a6dc5c6bbd0b6d943add5fb359c27478610d3640fe0e6112cf02e065c8ca46dfc9f62c", 0x8b, 0x4, &(0x7f0000000180)={0xa, 0x4e21, 0x4, @mcast1, 0x1}, 0x1c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:49 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)

22:02:49 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x1000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:49 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:49 executing program 1:
r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x3f, 0x400)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080)="b26e4d05d423cd2c3abbb6feed0d62f1aab904ac49a377bc059fc6c503cc6a6f2b7bc8ea752202db31750c79d201f7e84b7b47f2e1", &(0x7f00000001c0)="f5bc68d76943218162ab75ae8e02d640c0cc5e469ebcee015aac5d9ddb6469e672161d44827b9b46a5df78230c1463f463c691ec9b197d79da5caf1fffd75cad48ea7a91ed5e9f65fdf78689e9fabb3a577293bc88cc59ceff35c59b74a2af9a489804299c8f0a7dde2bb88c82f430cd4d3f14443b99160980efb3a4067c05e18f02bf8298f253726cc2dfc019eed11f4becdef32976628e6da9ed588d5903bb1a77241f63f9fa0a64c541c60523e4269c20de91c110c8b6bed96372f6bdecf8feef8d79e9ac0f86"}, 0x20)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000d80))
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4, @rand_addr=0x2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000dc0)=""/241, 0xf1}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000ec0)=""/85, 0x55}, {&(0x7f0000000f40)=""/165, 0xa5}, {&(0x7f0000001000)=""/58, 0x3a}, {&(0x7f0000001040)=""/23, 0x17}, {&(0x7f0000001080)=""/106, 0x6a}], 0x7, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
write$binfmt_aout(r3, &(0x7f00000002c0)={{0x1cf, 0x40, 0x9, 0x6b, 0x25, 0x6, 0x2b4, 0x3}, "8a86b7f9cd7361c301a72b53835f0a9f9df5bade329120fb7ae962bcc6b56c46637de4b1826bfd4de89b11d75785f4e2258df5a8af04377d44b75d06eb0866a706009a577f72f6a59f19f7bf4361f54162720073fa4b810f5ad300d6f0b7c1d2d6637f1cc535266b", [[], [], [], [], [], [], [], [], [], []]}, 0xa88)

22:02:49 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
fchmod(r2, 0x100)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  586.468666]         reason=80000021 qualification=0000000000000000
[  586.475118] IDTVectoring: info=00000000 errcode=00000000
[  586.480699] TSC Offset = 0xfffffec405b9b611
[  586.486243] EPT pointer = 0x00000001cebaa01e
22:02:49 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:49 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:49 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
futex(&(0x7f0000000040)=0x2, 0xb, 0x0, &(0x7f0000000080), &(0x7f0000000100), 0x2)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  586.571046] *** Guest State ***
[  586.580216] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  586.598132] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:49 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:49 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8906, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  586.627255] *** Guest State ***
[  586.632664] CR3 = 0x0000000000000000
[  586.636535] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  586.640162] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  586.643468] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  586.666964] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:49 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x40000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  586.696235] CR3 = 0x0000000000000000
[  586.703512] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  586.710588] RSP = 0x0000000000000f80  RIP = 0x0000000000000035
[  586.727395] RFLAGS=0x00000046         DR7 = 0x0000000000000400
[  586.741468] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.745359] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  586.757656] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.762863] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.771149] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  586.778049] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.791825] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  586.798159] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.803535] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.817322] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.821982] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.828036] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.833570] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.841801] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.850411] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.858255] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.865969] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.874440] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.881945] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  586.890485] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.906814] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  586.908919] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  586.913711] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  586.923187] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  586.933397] Interruptibility = 00000000  ActivityState = 00000000
[  586.935676] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  586.941756] *** Host State ***
[  586.949291] Interruptibility = 00000000  ActivityState = 00000000
[  586.953172] RIP = 0xffffffff81212aae  RSP = 0xffff8801882b7350
[  586.958772] *** Host State ***
[  586.965291] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  586.968171] RIP = 0xffffffff81212aae  RSP = 0xffff88017e127350
[  586.974861] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  586.980589] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  586.988736] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  586.994974] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  587.001186] CR0=0000000080050033 CR3=00000001d37be000 CR4=00000000001426e0
[  587.008787] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  587.016190] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  587.021717] CR0=0000000080050033 CR3=00000001d2f65000 CR4=00000000001426e0
[  587.028678] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  587.035566] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  587.042348] *** Control State ***
[  587.048440] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  587.051808] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  587.057980] *** Control State ***
[  587.064995] EntryControls=0000d1ff ExitControls=002fefff
[  587.068167] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  587.073891] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  587.080377] EntryControls=0000d1ff ExitControls=002fefff
[  587.087638] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  587.092867] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  587.099736] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  587.106541] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  587.113402]         reason=80000021 qualification=0000000000000000
[  587.119848] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  587.126725] IDTVectoring: info=00000000 errcode=00000000
[  587.132919]         reason=80000021 qualification=0000000000000000
[  587.138553] TSC Offset = 0xfffffec3610841f1
[  587.144742] IDTVectoring: info=00000000 errcode=00000000
[  587.149427] EPT pointer = 0x00000001ba3a701e
[  587.154584] TSC Offset = 0xfffffec3585ddd48
[  587.163363] EPT pointer = 0x00000001ba4a301e
[  587.202240] *** Guest State ***
[  587.205591] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  587.214512] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  587.223705] *** Guest State ***
[  587.224146] CR3 = 0x0000000000000000
[  587.230725] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  587.230737] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  587.230752] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  587.230764] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.230781] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.237474] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  587.243133] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  587.249920] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  587.257555] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.257577] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.268705] CR3 = 0x0000000000000000
[  587.278308] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.283805] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  587.300085] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  587.307442] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  587.307461] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  587.307473] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  587.307490] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.307503] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  587.312960] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  587.325742] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.334783] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  587.339792] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.349086] Interruptibility = 00000000  ActivityState = 00000000
[  587.356746] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  587.363330] *** Host State ***
[  587.369986] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.376483] RIP = 0xffffffff81212aae  RSP = 0xffff8801896ef350
[  587.384828] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.391972] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  587.400309] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.406366] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  587.414377] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  587.417751] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  587.425881] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  587.432260] CR0=0000000080050033 CR3=00000001d37be000 CR4=00000000001426e0
[  587.440312] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  587.446278] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  587.454375] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.462156] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  587.470618] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  587.480327] *** Control State ***
[  587.484304] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  587.493500] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  587.499719] Interruptibility = 00000000  ActivityState = 00000000
[  587.506086] EntryControls=0000d1ff ExitControls=002fefff
[  587.514170] *** Host State ***
[  587.520491] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  587.527216] RIP = 0xffffffff81212aae  RSP = 0xffff880181ce7350
[  587.530068] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  587.538201] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  587.544519] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  587.552771] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  587.556066]         reason=80000021 qualification=0000000000000000
[  587.559121] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  587.566127] IDTVectoring: info=00000000 errcode=00000000
[  587.566141] TSC Offset = 0xfffffec3610841f1
[  587.582598] CR0=0000000080050033 CR3=00000001d2f65000 CR4=00000000001426f0
[  587.589512] EPT pointer = 0x00000001ba3a701e
[  587.591926] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  587.608304] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  587.618303] *** Control State ***
22:02:50 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})

22:02:50 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:50 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:50 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x40000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:50 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040))
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:50 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000000)={0x0, @aes128, 0x2, "020890440e47ceaf"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  587.648450] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  587.656595] EntryControls=0000d1ff ExitControls=002fefff
[  587.662111] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  587.669064] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  587.675808] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  587.682597]         reason=80000021 qualification=0000000000000000
[  587.688912] IDTVectoring: info=00000000 errcode=00000000
[  587.694418] TSC Offset = 0xfffffec3585ddd48
[  587.698735] EPT pointer = 0x00000001ba4a301e
22:02:50 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  587.758732] *** Guest State ***
[  587.783777] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  587.794335] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  587.803991] *** Guest State ***
[  587.807416] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  587.816711] CR3 = 0x0000000000000000
[  587.820514] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:50 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:50 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88a8ffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  587.829315] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  587.839374] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  587.861815] CR3 = 0x0000000000000000
22:02:50 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x3f000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  587.879969] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  587.887770] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  587.900773] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  587.917389] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:50 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:50 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  587.932167] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  587.942324] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.956682] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  587.958310] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  587.984092] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.005938] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  588.009317] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.022290] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.030548] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.038901] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.042697] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.047166] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.063293] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.067152] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.076023] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.088345] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  588.097824] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.103275] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  588.110668] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  588.115865] Interruptibility = 00000000  ActivityState = 00000000
[  588.128168] *** Host State ***
[  588.129310] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  588.131426] RIP = 0xffffffff81212aae  RSP = 0xffff880189d3f350
[  588.140000] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.145735] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  588.154002] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.160164] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  588.168960] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  588.182925] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  588.188533] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  588.190480] Interruptibility = 00000000  ActivityState = 00000000
[  588.200492] CR0=0000000080050033 CR3=00000001d36a0000 CR4=00000000001426f0
[  588.203062] *** Host State ***
[  588.209816] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  588.213379] RIP = 0xffffffff81212aae  RSP = 0xffff8801870d7350
[  588.219834] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  588.226127] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  588.231925] *** Control State ***
[  588.238572] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  588.242600] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  588.250117] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  588.256637] EntryControls=0000d1ff ExitControls=002fefff
[  588.262790] CR0=0000000080050033 CR3=00000001be99d000 CR4=00000000001426e0
[  588.268007] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  588.275387] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  588.282110] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  588.289116] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  588.295593] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  588.301649] *** Control State ***
[  588.308316]         reason=80000021 qualification=0000000000000000
[  588.312438] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  588.318154] IDTVectoring: info=00000000 errcode=00000000
[  588.325061] EntryControls=0000d1ff ExitControls=002fefff
[  588.330287] TSC Offset = 0xfffffec2bb3b0e18
[  588.336027] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  588.340167] EPT pointer = 0x00000001bb2a701e
[  588.347479] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  588.359452] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  588.362618] *** Guest State ***
[  588.369458]         reason=80000021 qualification=0000000000000000
[  588.369792] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  588.375928] IDTVectoring: info=00000000 errcode=00000000
[  588.385634] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  588.390332] TSC Offset = 0xfffffec2b9301c0a
[  588.399626] CR3 = 0x0000000000000000
[  588.403657] EPT pointer = 0x00000001c808201e
[  588.407697] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  588.423099] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  588.429246] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:02:51 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000000)=0x3ff, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:51 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:51 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:51 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xe00}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  588.436384] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.456878] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.465986] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  588.475466] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.484209] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.494675] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.503658] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  588.513673] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  588.528608] *** Guest State ***
[  588.533796] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  588.543237] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.551887] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.560622] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  588.570363] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  588.577055] CR3 = 0x0000000000000000
[  588.578953] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  588.581268] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  588.589226] Interruptibility = 00000000  ActivityState = 00000000
[  588.611811] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  588.612784] *** Host State ***
[  588.618390] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  588.618403] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:51 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000080)={0x5, [0x2, 0x1, 0x5, 0x5, 0x5]}, &(0x7f0000000100)=0xe)
ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000040)={0x2, 0x9, 0x2, 0x2, 0x8001, 0x9})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  588.618423] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.618440] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  588.628760] RIP = 0xffffffff81212aae  RSP = 0xffff880189d3f350
[  588.636663] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.652650] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  588.652663] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  588.652674] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  588.652688] CR0=0000000080050033 CR3=00000001d36a0000 CR4=00000000001426f0
[  588.652703] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  588.652714] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  588.652718] *** Control State ***
[  588.652726] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  588.652739] EntryControls=0000d1ff ExitControls=002fefff
[  588.667544] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.673925] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  588.684651] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.687500] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  588.698575] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.703047] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  588.707957] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.710522]         reason=80000021 qualification=0000000000000000
22:02:51 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x102, 0x0)
ioctl$TIOCEXCL(r3, 0x540c)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000080)=""/152)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000180), &(0x7f0000000200)=0x6)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:51 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:51 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:51 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:51 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x8000000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  588.717368] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  588.723579] IDTVectoring: info=00000000 errcode=00000000
[  588.732186] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  588.738437] TSC Offset = 0xfffffec2bb3b0e18
[  588.751643] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  588.755799] EPT pointer = 0x00000001bb2a701e
[  588.761336] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  588.776158] Interruptibility = 00000000  ActivityState = 00000000
[  588.790596] *** Host State ***
22:02:51 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  588.860177] RIP = 0xffffffff81212aae  RSP = 0xffff8801bac5f350
[  588.866964] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  588.885637] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  588.907205] *** Guest State ***
22:02:51 executing program 1:
socketpair(0x0, 0x2, 0x1200000, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x1c0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xdc}}], 0x1, 0x120, &(0x7f0000001540)={0x77359400})
socket$inet_tcp(0x2, 0x1, 0x0)

[  588.917159] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  588.931326] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  588.945717] CR0=0000000080050033 CR3=00000001d4398000 CR4=00000000001426f0
[  588.962264] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  588.973687] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  588.987110] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  588.998502] *** Control State ***
[  589.001714] CR3 = 0x0000000000000000
[  589.008645] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  589.023324] EntryControls=0000d1ff ExitControls=002fefff
[  589.032370] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  589.044798] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  589.046772] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  589.054992] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  589.062916] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  589.065937] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  589.077989] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.078184]         reason=80000021 qualification=0000000000000000
[  589.091612] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.097645] IDTVectoring: info=00000000 errcode=00000000
[  589.100732] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  589.106407] TSC Offset = 0xfffffec25483e7fe
[  589.114913] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.118571] EPT pointer = 0x00000001ba5fa01e
[  589.126854] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.139619] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.145889] *** Guest State ***
[  589.147702] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  589.151257] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  589.158942] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.158954] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  589.158977] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.168404] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  589.175931] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  589.175943] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  589.175960] Interruptibility = 00000000  ActivityState = 00000000
[  589.184434] CR3 = 0x0000000000000000
[  589.192073] *** Host State ***
[  589.202431] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  589.207750] RIP = 0xffffffff81212aae  RSP = 0xffff880181ce7350
[  589.221044] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  589.227981] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  589.227993] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  589.228008] CR0=0000000080050033 CR3=00000001cdeb0000 CR4=00000000001426e0
[  589.228032] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  589.241338] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  589.246501] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  589.246506] *** Control State ***
[  589.246515] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  589.246521] EntryControls=0000d1ff ExitControls=002fefff
[  589.246534] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  589.246542] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  589.246550] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  589.246563]         reason=80000021 qualification=0000000000000000
[  589.255037] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  589.260264] IDTVectoring: info=00000000 errcode=00000000
[  589.260270] TSC Offset = 0xfffffec220d6dabf
[  589.260280] EPT pointer = 0x00000001c838201e
[  589.268461] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.280234] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.312248] *** Guest State ***
[  589.315428] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  589.322964] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  589.328448] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.336096] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  589.340511] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.340533] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.345329] CR3 = 0x0000000000000000
[  589.349279] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  589.349300] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  589.349313] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  589.357730] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  589.365350] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.368948] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  589.376631] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  589.402417] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  589.418398] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  589.438071] Interruptibility = 00000000  ActivityState = 00000000
[  589.438076] *** Host State ***
[  589.438088] RIP = 0xffffffff81212aae  RSP = 0xffff8801bac5f350
[  589.438115] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  589.446322] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.452657] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  589.460132] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.460155] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  589.460170] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.460197] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.466663] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  589.472992] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.480683] CR0=0000000080050033 CR3=00000001d4398000 CR4=00000000001426e0
[  589.487111] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  589.487131] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  589.487149] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  589.494115] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  589.496787] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.502863] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  589.509243] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  589.517401] *** Control State ***
[  589.525216] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  589.533690] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  589.541242] Interruptibility = 00000000  ActivityState = 00000000
[  589.549454] EntryControls=0000d1ff ExitControls=002fefff
[  589.557285] *** Host State ***
[  589.563486] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  589.571251] RIP = 0xffffffff81212aae  RSP = 0xffff88018e827350
[  589.578548] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  589.586374] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  589.594943] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  589.602403] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  589.609210]         reason=80000021 qualification=0000000000000000
[  589.617419] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  589.623833] IDTVectoring: info=00000000 errcode=00000000
22:02:52 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x80000000, 0x4000)
r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci\x00', 0x88042, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f00000000c0)="66b8050000000f23d00f21f86635200000070f23f8baf80c66b882c88f8466efbafc0ced0f08660f2390660f3a4421b43e360fc75fb267649a470a3124666439f80fc31382790009", 0x48}], 0x1, 0x0, &(0x7f00000001c0), 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

22:02:52 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4888, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:52 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x4000000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:52 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:52 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x2f, @local, 0x4e23, 0x4, 'rr\x00', 0x2c, 0x7fffffff, 0x6d}, 0x2c)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f00000001c0)="d645470dfff97800ef00000000003fbce5d9fc8788204c0d945f5d87999b1b1cf4f3ac3b25f60afb7dddb2c269f59c2a842ea1ac046a541567544c5dc6c3e175cf5179bc8000000000000000000dd8f69f4f608cca874ee9827497b23b3b9dccf7f1cf653bcfe5aa00000b0a8afd039d9e2c189a1fc08ce5e7380e4674ae83c8c4ca211adee1f274ff023f918dedd280655ff13c65275f18f562a0d5f6a31f6e58013757a13d195731cd2ca14ab90d35cd24808af925e88c6ab803c9e92f13a2537a4026519547a0794a42d37e39cb024ded39ce62"}, 0x20)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  589.630053] CR0=0000000080050033 CR3=00000001cdeb0000 CR4=00000000001426f0
[  589.633714] TSC Offset = 0xfffffec25483e7fe
[  589.641002] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  589.647912] EPT pointer = 0x00000001ba5fa01e
[  589.654023] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  589.662692] *** Control State ***
[  589.675691] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  589.782360] *** Guest State ***
[  589.790195] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  589.800750] IPVS: set_ctl: invalid protocol: 47 172.20.20.170:20003
[  589.807118] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  589.814228] EntryControls=0000d1ff ExitControls=002fefff
[  589.816800] CR3 = 0x0000000000000000
[  589.825763] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  589.829452] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  589.839368] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  589.845299] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  589.849848] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  589.852373] IPVS: set_ctl: invalid protocol: 47 172.20.20.170:20003
[  589.859285] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.869631] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  589.881356]         reason=80000021 qualification=0000000000000000
[  589.885994] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.896619] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  589.906037] IDTVectoring: info=00000000 errcode=00000000
[  589.907424] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.911499] TSC Offset = 0xfffffec220d6dabf
[  589.911508] EPT pointer = 0x00000001c838201e
22:02:52 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x800, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:52 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:52 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:52 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4000000000000, @dev={0xac, 0x14, 0x14, 0x1d}}, 0xffffffffffffff59)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000040), 0xfffffffffffffffd}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  589.920174] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.928851] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.945241] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  589.953702] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  589.961835] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:02:52 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xf0ffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:52 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x8000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  589.989881] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.010556] EFER =     0x0000000000000000  PAT = 0x0007040600070406
22:02:52 executing program 1:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000240)={<r0=>0xffffffffffffff9c})
getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000280), 0x2)
r1 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x260000, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f0000000200))
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64IPOUT\x00', &(0x7f0000000100)='@md5sum:ppp1Jwlan0\x00', 0x13, 0x2)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  590.049511] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  590.077033] Interruptibility = 00000000  ActivityState = 00000000
[  590.088613] *** Host State ***
[  590.103650] RIP = 0xffffffff81212aae  RSP = 0xffff8801c045f350
[  590.109700] *** Guest State ***
[  590.117545] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  590.118500] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  590.143871] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  590.146115] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  590.161051] CR3 = 0x0000000000000000
[  590.161789] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  590.165927] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  590.172566] CR0=0000000080050033 CR3=00000001d7f47000 CR4=00000000001426f0
[  590.177098] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  590.184622] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  590.190408] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  590.197356] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  590.203960] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.209932] *** Control State ***
[  590.218112] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.221881] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  590.229571] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  590.236336] EntryControls=0000d1ff ExitControls=002fefff
[  590.244356] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.249939] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  590.257858] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.273082] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.277073] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  590.281249] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.291922] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  590.296144] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.303095]         reason=80000021 qualification=0000000000000000
[  590.310787] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.317329] IDTVectoring: info=00000000 errcode=00000000
[  590.325251] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.330922] TSC Offset = 0xfffffec1a6f41045
[  590.338776] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  590.344380] EPT pointer = 0x00000001d8de901e
[  590.349651] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  590.361521] Interruptibility = 00000000  ActivityState = 00000000
[  590.368005] *** Host State ***
[  590.371462] *** Guest State ***
[  590.374853] RIP = 0xffffffff81212aae  RSP = 0xffff880189d3f350
[  590.375094] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  590.380944] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  590.389855] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  590.396396] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  590.405517] CR3 = 0x0000000000000000
[  590.413194] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  590.422902] CR0=0000000080050033 CR3=00000001d8fc9000 CR4=00000000001426e0
[  590.430044] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  590.430058] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  590.436975] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  590.446942] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  590.451687] *** Control State ***
[  590.455251] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  590.458683] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  590.465416] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.472156] EntryControls=0000d1ff ExitControls=002fefff
[  590.480274] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.486324] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  590.494186] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  590.500737] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  590.508872] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.515400] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  590.523564] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.530034]         reason=80000021 qualification=0000000000000000
[  590.538285] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.544420] IDTVectoring: info=00000000 errcode=00000000
[  590.552717] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.557924] TSC Offset = 0xfffffec17a5fb46f
[  590.566278] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.570301] EPT pointer = 0x00000001c60f701e
[  590.578485] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.591529] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.598030] *** Guest State ***
[  590.599707] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  590.603572] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  590.609327] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  590.618537] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  590.625806] Interruptibility = 00000000  ActivityState = 00000000
[  590.634982] CR3 = 0x0000000000000000
[  590.640901] *** Host State ***
[  590.645124] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  590.647878] RIP = 0xffffffff81212aae  RSP = 0xffff8801ca367350
[  590.659931] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  590.666489] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  590.667023] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  590.674400] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  590.686078] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  590.686354] CR0=0000000080050033 CR3=00000001d7f47000 CR4=00000000001426f0
[  590.693295] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.700006] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  590.708440] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.714781] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  590.723134] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  590.729264] *** Control State ***
[  590.737847] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.740394] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  590.748843] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.755143] EntryControls=0000d1ff ExitControls=002fefff
[  590.763477] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.768633] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  590.777103] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.783613] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  590.791858] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.798336] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  590.806694] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  590.813059]         reason=80000021 qualification=0000000000000000
[  590.821267] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  590.827399] IDTVectoring: info=00000000 errcode=00000000
[  590.835644] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  590.840845] TSC Offset = 0xfffffec154cdc598
22:02:53 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000080)=[@vmwrite={0x8, 0x0, 0xfffffffffffff287, 0x0, 0x2, 0x0, 0x2, 0x0, 0x7f}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000400)="726379e6e101624d73328a191903bc6eb002c2e5ad047e2de2e6f2311800000017ca72daa7cec2aed9053759b80ff5080022de9a0fcf00ba75c6c0beb97d0f24b1390e1b44c5a27d2a0d6e05a02a13a2d84ad48b639217535cb126261be97e78eb01b9003a2517d5623c5122c765b37869fa87f8148340c433998f9e94926dda60b6b4f31465fb3129810f29dd2cb396e3f0982d50932a803ed726c5a1af4032c4042000013b7d4a8643b43e12fbfc11fd20cf749c50e5e0ded2e0befaebf5b2578ddb83a62dbf8e9c046a1523821423cdc33b1c17f5730748a939dc30af68d8fe0cc49becd6d1c15e52dbfcb66657a7dd28c71875c27e51746cb14c1964ca7d566d0500d38895870031dfc38e", 0xd822e459fe1223b4, 0xfffffffffffffffc)
keyctl$get_keyring_id(0x0, r3, 0x401)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f0000000540)="b8ef8fde618df20e2b6304d6ccf147f51868fe08ae2df934d72eb5fcbe5dcc984a080999a971ae8485295db10735897c525157cbb28e94fa245c93c0e18b5251a8e78833375a262167cb1457a0363fdad8cf94844b5c9cf7c3421be234790a72563ad83ca601e54e380848b45670fa414fde9d9d85b7ad05443e34c0da53534c3d716f055f5cd26b469e805b61b5e129191bf56d13dee0d1e97c1a0d3291c24a23d95e84948fed8332dd042cd4df4b6d0535aaadc433748bca0a560fa91ad80ff184ff86ca50d5d27a801852079e51376f8d378b98d3836645ac450a4ea6faea16424db75fb41493ec33fa4ee618046ceea96153a461368467d393bc0996510c")

22:02:53 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x800e, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:53 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:53 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xfeffffff}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  590.847550] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  590.851608] EPT pointer = 0x00000001bb28401e
[  590.859373] Interruptibility = 00000000  ActivityState = 00000000
[  590.870053] *** Host State ***
[  590.877706] RIP = 0xffffffff81212aae  RSP = 0xffff880189d3f350
[  590.884124] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  590.890666] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
22:02:53 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8060000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  590.902432] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  590.916139] CR0=0000000080050033 CR3=00000001d8fc9000 CR4=00000000001426e0
[  590.932128] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  590.959119] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  590.971561] *** Guest State ***
[  590.975832] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  590.985058] *** Control State ***
[  590.988645] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  591.000557] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  591.011253] EntryControls=0000d1ff ExitControls=002fefff
[  591.017553] CR3 = 0x0000000000000000
[  591.025828] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  591.031940] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  591.042629] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  591.048706] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  591.052910] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  591.060408] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  591.068762]         reason=80000021 qualification=0000000000000000
[  591.069603] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.079530] IDTVectoring: info=00000000 errcode=00000000
[  591.088778] TSC Offset = 0xfffffec17a5fb46f
[  591.090714] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.095366] EPT pointer = 0x00000001c60f701e
22:02:54 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8, 0x80000)
getsockopt$inet_dccp_int(r4, 0x21, 0x1b, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

22:02:54 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=<r1=>0x0)
r2 = getpgrp(r1)
sched_setscheduler(r2, 0x5, &(0x7f0000000040)=0x9)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
r5 = shmget$private(0x0, 0x2000, 0x1400, &(0x7f0000ffb000/0x2000)=nil)
shmctl$SHM_INFO(r5, 0xe, &(0x7f0000000100))
recvmmsg(r3, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:54 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
add_key(&(0x7f0000000d00)='blacklist\x00', &(0x7f0000000d40)={'syz'}, &(0x7f0000000d80)="6b4ff49ce469106c674ca10ed3189e7b691bf40501427bd044f43677f1f48f295ccb0c35f6bdb25c18816aaf3f1632a77c9dfaf6e3c16e82cc18e73b31c75dbbc571eac1dc60bb4b615d22", 0x4b, 0xfffffffffffffffc)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:54 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x4}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:54 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  591.102683] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  591.115903] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.125493] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.143577] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.157083] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.166294] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.174715] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.185579] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.195759] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  591.202695] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
22:02:54 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88a8ffff00000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  591.210261] Interruptibility = 00000000  ActivityState = 00000000
[  591.217574] *** Host State ***
[  591.220889] RIP = 0xffffffff81212aae  RSP = 0xffff8801d800f350
[  591.228350] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  591.238454] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  591.255330] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
22:02:54 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz'}, &(0x7f00000005c0)="6d47a00d44f23f5167efdb2c2f5c6a072264fd5be04e48d664e811fe5d35e89e4f0ae5fd5581f940ea16170bbd82e7a252dc4ae6e3a89101f8fab89ef1f7b78162bbc22c069506418547e402e112d1f6666a9bed07af0cd0e4435197777174abaceee10966b2fdf35a01847d485c47b00d2a2b3ef5a9365c8608994163b36fc4b2782703c873b0945a356d23a5a2ec1769fadf3da4b59bdffd3ab65fa8129b37556f571900c9d28ac42f94d1bd88fd85af06c643f263c845dcdeb40a300744645e005b767dc3db8687d8f75097da6aea56", 0xd1, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  591.262760] CR0=0000000080050033 CR3=00000001c8062000 CR4=00000000001426f0
[  591.271034] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  591.292298] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  591.301666] *** Control State ***
22:02:54 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, &(0x7f0000000080)={[0x6001, 0x7005, 0x2, 0x5000], 0x3, 0x80, 0x3})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x10000, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f0000000100)=0x80000001, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:54 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xf5ffffff}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:54 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4305000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:54 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x4, 0x80)
ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0xae5)
getpeername$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, &(0x7f00000000c0)=0x10)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:02:54 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  591.313086] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  591.340328] EntryControls=0000d1ff ExitControls=002fefff
[  591.356666] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  591.364098] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  591.370891] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  591.378105]         reason=80000021 qualification=0000000000000000
[  591.384658] IDTVectoring: info=00000000 errcode=00000000
[  591.390194] TSC Offset = 0xfffffec10610d017
[  591.398446] EPT pointer = 0x00000001ba3db01e
22:02:54 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  591.534812] *** Guest State ***
[  591.538466] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  591.549175] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  591.559568] *** Guest State ***
[  591.563498] CR3 = 0x0000000000000000
[  591.567614] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  591.577242] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  591.583583] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  591.592006] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  591.599486] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  591.617167] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.626330] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.634759] CR3 = 0x0000000000000000
[  591.638824] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  591.640299] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  591.647906] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.653624] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  591.661096] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.667455] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  591.675496] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.689195] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.690467] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.704002] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.707222] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.717627] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  591.722823] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.730324] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.738209] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.746772] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.754553] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  591.762900] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.769096] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  591.777182] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.784695] Interruptibility = 00000000  ActivityState = 00000000
[  591.793201] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.798921] *** Host State ***
[  591.807007] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  591.810261] RIP = 0xffffffff81212aae  RSP = 0xffff88017e187350
[  591.818364] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  591.824276] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  591.832234] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  591.838701] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  591.845165] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  591.853059] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  591.860535] Interruptibility = 00000000  ActivityState = 00000000
[  591.866527] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426f0
[  591.872807] *** Host State ***
[  591.879827] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  591.883080] RIP = 0xffffffff81212aae  RSP = 0xffff8801ca367350
[  591.889739] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  591.895831] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  591.901893] *** Control State ***
[  591.908372] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  591.911812] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  591.919724] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  591.926433] EntryControls=0000d1ff ExitControls=002fefff
[  591.932750] CR0=0000000080050033 CR3=00000001cf241000 CR4=00000000001426f0
[  591.937859] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  591.944958] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  591.951883] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  591.959095] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  591.965445] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  591.971628] *** Control State ***
22:02:54 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = getuid()
stat(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$P9_RGETATTR(r2, &(0x7f0000000240)={0xa0, 0x19, 0x2, {0x1, {0x10, 0x4, 0x2}, 0x1, r3, r4, 0x4, 0x47, 0x1, 0x10001, 0x9, 0x2, 0x5, 0x400, 0xe56, 0x0, 0x80000000, 0x8, 0x80, 0x80000001, 0x1000}}, 0xa0)
r5 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00')
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@ipv4={[], [], @loopback}, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{}, 0x0, @in=@rand_addr}}, 0xfffffffffffffffe)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001240)={'nr0\x00', <r7=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001280)={{{@in6=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{}, 0x0, @in6=@loopback}}, &(0x7f0000001380)=0xe8)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000025c0)={<r9=>0x0, @multicast2, @remote}, &(0x7f0000002600)=0xc)
getsockopt$inet_mreqn(r2, 0x0, 0x0, &(0x7f0000002640)={@loopback, @rand_addr, <r10=>0x0}, &(0x7f0000002680)=0xc)
getpeername(r2, &(0x7f00000026c0)=@xdp={0x2c, 0x0, <r11=>0x0}, &(0x7f0000002740)=0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000002780)={'teql0\x00', <r12=>0x0})
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000027c0)={{{@in6=@ipv4={[], [], @multicast2}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f00000028c0)=0xe8)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000002900)={{{@in6=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000002a00)=0xe8)
getpeername$packet(r1, &(0x7f0000002a40)={0x11, 0x0, <r15=>0x0}, &(0x7f0000002a80)=0x14)
getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000002ac0)={@local, <r16=>0x0}, &(0x7f0000002b00)=0x14)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000002b40)={{{@in=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r17=>0x0}}, {{@in6=@remote}, 0x0, @in=@dev}}, &(0x7f0000002c40)=0xe8)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000002c80)={'team0\x00', <r18=>0x0})
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000002cc0)={{{@in6=@ipv4, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r19=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000002dc0)=0xe8)
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000003340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000003300)={&(0x7f0000002e00)={0x4f4, r5, 0x808, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r6}, {0x128, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r7}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r10}, {0x12c, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0xfffffffffffffc01, 0x3, 0x4, 0x6}]}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}]}}, {{0x8, 0x1, r12}, {0x168, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x90000000000}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x66aa}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x7ff}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x20}}, {0x8}}}]}}, {{0x8, 0x1, r15}, {0x44, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r16}}, {0x8}}}]}}, {{0x8, 0x1, r17}, {0xb8, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r18}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r19}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}]}}]}, 0x4f4}, 0x1, 0x0, 0x0, 0x804}, 0x40010)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r20 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x2e)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r20, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
write$P9_RUNLINKAT(r0, &(0x7f0000000400)={0x7, 0x4d, 0x2}, 0x7)

[  591.978119]         reason=80000021 qualification=0000000000000000
[  591.981647] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  591.994272] IDTVectoring: info=00000000 errcode=00000000
[  591.994694] EntryControls=0000d1ff ExitControls=002fefff
[  592.000085] TSC Offset = 0xfffffec0b5d25e43
[  592.007677] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  592.016944] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  592.021363] EPT pointer = 0x00000001d36b401e
[  592.027052] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
22:02:54 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x4000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:54 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
r1 = getgid()
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32=r1]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:54 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x89060000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  592.035448]         reason=80000021 qualification=0000000000000000
[  592.058115] IDTVectoring: info=00000000 errcode=00000000
[  592.064402] TSC Offset = 0xfffffec0b6f0c811
[  592.074241] EPT pointer = 0x00000001c1c4901e
[  592.079144] *** Guest State ***
22:02:55 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x14000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:55 executing program 1:
socketpair(0x1f, 0x0, 0x8, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={<r3=>0x0, @in={{0x2, 0x4e21, @remote}}, 0xa6, 0x5, 0x3, 0x400, 0x24}, &(0x7f00000003c0)=0x98)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000400)={r3, 0x9}, 0x8)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
sendto$inet6(r0, &(0x7f00000004c0)="58844aec0a6a5c16534d1d99fc177df2bd0e90fc8193b9c8562e571e7f1f38ab59601203301c2a3dc1cd8765d58ce649c65b070fb28da37dcec8cc6f17f92cfef16ea06f78483f568d8a96afb7b35d33559ef507e6e2516051a5ff3850c8a22789f5f3", 0x63, 0x11, &(0x7f0000000480)={0xa, 0x4e24, 0x8, @loopback, 0x6}, 0x1c)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f00000001c0)={0x6, {{0x2, 0x4e23, @broadcast}}}, 0x88)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x8, 0x436d, 0x1c00000000000, 0x8, 0x4}, 0x14)
ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000100)={0x33, 0x26, 0x0, 0x1, 0x5, 0x8, 0x3, 0xf, 0xffffffffffffffff})
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000440), 0x4)

[  592.099412] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  592.118234] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  592.144624] *** Guest State ***
[  592.149743] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  592.162351] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  592.171552] CR3 = 0x0000000000000000
[  592.178516] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  592.180725] CR3 = 0x0000000000000000
[  592.185370] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  592.197444] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  592.204121] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  592.208886] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  592.216964] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  592.223952] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.224266] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.242391] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.251268] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  592.261919] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.262009] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.272748] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  592.278381] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.286222] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.296458] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.302744] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.310884] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.318406] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.334839] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  592.334872] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.342923] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  592.351243] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.358944] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.367348] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.374988] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.382993] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  592.391154] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  592.397700] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  592.404059] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  592.411542] Interruptibility = 00000000  ActivityState = 00000000
[  592.419027] Interruptibility = 00000000  ActivityState = 00000000
[  592.425353] *** Host State ***
[  592.431485] *** Host State ***
[  592.434813] RIP = 0xffffffff81212aae  RSP = 0xffff880191ad7350
[  592.437884] RIP = 0xffffffff81212aae  RSP = 0xffff88018611f350
[  592.443948] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  592.449900] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  592.456437] FSBase=00007f0848ae7700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  592.462825] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  592.470674] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  592.478882] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  592.484923] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426f0
[  592.490301] CR0=0000000080050033 CR3=00000001cf241000 CR4=00000000001426e0
[  592.497477] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  592.504509] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  592.511224] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  592.517973] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  592.524045] *** Control State ***
[  592.530210] *** Control State ***
[  592.533774] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  592.537129] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  592.543827] EntryControls=0000d1ff ExitControls=002fefff
[  592.550515] EntryControls=0000d1ff ExitControls=002fefff
[  592.556122] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  592.561449] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  592.568414] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  592.575420] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  592.582262] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  592.588830] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
22:02:55 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7f, 0x10081)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, <r4=>0x0})
r5 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x8, 0x420203)
ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x150)
ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f00000000c0)=r4)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:55 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:55 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000040))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:55 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0x11d)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000080)={<r4=>0x0, 0x8}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000180)={r4, @in6={{0xa, 0x4e21, 0x8, @mcast1, 0x6000000}}, 0x0, 0x4, 0x81, 0xffffffffffffff01, 0x8}, &(0x7f0000000100)=0x98)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
restart_syscall()
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  592.595552]         reason=80000021 qualification=0000000000000000
[  592.602000]         reason=80000021 qualification=0000000000000000
[  592.608489] IDTVectoring: info=00000000 errcode=00000000
[  592.615510] IDTVectoring: info=00000000 errcode=00000000
[  592.620713] TSC Offset = 0xfffffec06b5f1044
[  592.626093] TSC Offset = 0xfffffec0b6f0c811
[  592.630522] EPT pointer = 0x00000001d894b01e
[  592.634755] EPT pointer = 0x00000001c1c4901e
22:02:55 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xffffca88, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  592.705064] *** Guest State ***
[  592.708442] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  592.718290] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  592.743132] CR3 = 0x0000000000000000
[  592.747324] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:02:55 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  592.765541] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  592.774059] *** Guest State ***
[  592.774866] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  592.784997] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  592.798791] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:02:55 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:55 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  592.815277] CR3 = 0x0000000000000000
[  592.819935] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.821566] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  592.834758] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  592.840896] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  592.856152] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.863392] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.877099] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.889314] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  592.897567] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.905893] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.907473] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  592.917000] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.930126] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.938315] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.947062] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.953835] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.964342] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.964651] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.980853] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  592.989773] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  592.990150] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  592.998270] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.007654] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  593.020329] Interruptibility = 00000000  ActivityState = 00000000
[  593.023839] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  593.031029] *** Host State ***
[  593.037944] RIP = 0xffffffff81212aae  RSP = 0xffff88016dc77350
[  593.042511] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.045951] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  593.052923] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  593.058617] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  593.065228] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  593.072848] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  593.080528] Interruptibility = 00000000  ActivityState = 00000000
[  593.086240] CR0=0000000080050033 CR3=00000001ce6db000 CR4=00000000001426e0
[  593.092910] *** Host State ***
[  593.099670] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  593.103248] RIP = 0xffffffff81212aae  RSP = 0xffff88017e59f350
[  593.109703] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  593.116192] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  593.121851] *** Control State ***
[  593.128551] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  593.131750] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  593.139868] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  593.146354] EntryControls=0000d1ff ExitControls=002fefff
[  593.152877] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426e0
[  593.157834] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  593.165332] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  593.172073] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  593.179022] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  593.185466] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  593.191774] *** Control State ***
[  593.198189]         reason=80000021 qualification=0000000000000000
[  593.202142] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  593.208040] IDTVectoring: info=00000000 errcode=00000000
[  593.214977] EntryControls=0000d1ff ExitControls=002fefff
[  593.220209] TSC Offset = 0xfffffec00e4bf31f
[  593.225915] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  593.230064] EPT pointer = 0x00000001cf68d01e
[  593.237292] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  593.249371] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  593.252531] *** Guest State ***
[  593.256924]         reason=80000021 qualification=0000000000000000
[  593.259981] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  593.266056] IDTVectoring: info=00000000 errcode=00000000
[  593.281947] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  593.282949] TSC Offset = 0xfffffec0157adf32
[  593.293282] CR3 = 0x0000000000000000
[  593.296134] EPT pointer = 0x00000001d202401e
[  593.299046] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  593.309472] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  593.315641] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  593.319921] *** Guest State ***
[  593.325152] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.326474] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  593.333825] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.342985] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  593.350687] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  593.359860] CR3 = 0x0000000000000000
[  593.367620] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.372218] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  593.379471] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.386795] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  593.393390] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.399585] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  593.407399] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  593.414731] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.422127] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  593.430439] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.438183] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  593.446547] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  593.454297] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.462605] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.470293] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  593.478615] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.484792] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  593.493187] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.500698] Interruptibility = 00000000  ActivityState = 00000000
[  593.508663] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  593.517803] *** Host State ***
[  593.523057] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  593.529321] RIP = 0xffffffff81212aae  RSP = 0xffff88016dc77350
[  593.534179] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  593.547933] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  593.548462] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  593.557135] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  593.562765] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  593.574601] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  593.582525] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  593.582767] CR0=0000000080050033 CR3=00000001ce6db000 CR4=00000000001426e0
[  593.590223] Interruptibility = 00000000  ActivityState = 00000000
[  593.597225] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  593.604410] *** Host State ***
[  593.610774] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  593.614369] RIP = 0xffffffff81212aae  RSP = 0xffff88017e59f350
[  593.619810] *** Control State ***
[  593.625985] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  593.629253] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  593.635802] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  593.642412] EntryControls=0000d1ff ExitControls=002fefff
[  593.650282] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  593.655748] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  593.661757] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426f0
[  593.668671] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  593.676207] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  593.682345] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  593.689119] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  593.697060]         reason=80000021 qualification=0000000000000000
[  593.702099] *** Control State ***
[  593.708120] IDTVectoring: info=00000000 errcode=00000000
[  593.711677] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  593.717053] TSC Offset = 0xfffffec00e4bf31f
[  593.723973] EntryControls=0000d1ff ExitControls=002fefff
[  593.728171] EPT pointer = 0x00000001cf68d01e
[  593.733736] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  593.745563] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  593.753239] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  593.760446]         reason=80000021 qualification=0000000000000000
[  593.766851] IDTVectoring: info=00000000 errcode=00000000
[  593.772589] TSC Offset = 0xfffffec0157adf32
[  593.776961] EPT pointer = 0x00000001d202401e
22:02:57 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xfffffffe}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:02:57 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88470000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:02:57 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:57 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000040)={<r3=>0x0, 0x2, 0x10, 0x2, 0x103}, &(0x7f0000000080)=0x18)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r3, 0x1ff, 0x100000001, 0x1, 0x6, 0x91}, &(0x7f00000001c0)=0x14)
open_by_handle_at(r0, &(0x7f0000000200)={0x1008, 0xffffffffffffffc5, "7aef3655c2a9d9968d4232891b5e65044ee5e3370866104cb1ecf59b2c6a290fb13a30a34de02ce134fb0075628fd930614cce97f05aa90d2a0e5c771d82c3620db99706ee253e19c324fbe33f8443c9d376ac09cbe11dea5ee2731409088f5d54d825f1eb9693f802beda6e67ea976bea740cc4d06a7d3f4419ad42619bd1ce70bfeddb7aba7cc4d6b555139bcf2f4c018846c153be1980afe2833c89548878beff604fbee90a68b2eb73e97fda8361c1ce130c615dd2eb0ea548e92e1e89fc27e63d172deefda6eda5475d1e557103a32052ebda8783c4dcb1c45b048eb1be3d074f165ec8def2feaa40d59f1067ee244db5f3f555fbd5fc5d3ae269797dd7090573798866e9614dd175df4920def8baf8beff2132c1d2c28c34a1298ad6ae44a5726ecdb81ec4aae541939134500c60118cd6a28630f5835c85f668b097411d500b297fa6aa4aed17051c4bd5d11f221062e4f4941a909da122abd67701ae86e455cbef85953770f973b1b3982d6462deb3099d12b05f75ecb271e132ec5d9cc1778bd69af4cbfbbb369e972bbd581f715138046901026b608e375ff12935d7bdbdf8c0d7c7706e8c334e7552fa07476ae10c15d96faded0f43e94db1d735c88fc353739c142a34d7ba33dae7851890608654941fab0b37e926db161ad570b1878e367d50bfd4f5546800b653e81ce028fde86439703ad7353029ce5d51f7cf2f0a7a4c572e562a32d62d6c14c92f29b4f77148a6e442afc47ba11cf605124db7a28b9d638ed1de456291867476f124f7abb702d2ac5da96930bb4db0f80f2e6ddac25158e0e3d606b3fb43238f5ff2c9510c3d530d32f871591747b7eb4b0f5865258ece2aa8d2d02b3e0a3b7c5093691c5e3100d246236695a01cdda8de9e928100eacaf3e55b76611500bb624ea96a5867e580a71ed9573353205b8dcb12b778405d4382c5266744cebba2bbfcac83c688dadec12652e2a13c5605b04fdf6d5ccda2a8d1716cc87eabd4e51dc1aad55493bef1db5944e1191bcfabb6f5d87d3b000e11e482c18cfcc1ab4567d6f9f748e2f497d16fb77991f2553ecca61b4178bcd16ea122254b1eaf0451bf12c5e23c6bd81f423dfb731c054bf511f01666cb2560464dd1e7f72299f68ef9a933a0a37c1320276a82a3a067203832b4f8740d0a80e0c4ab08e93ecfcbb59e1d5de461cf184c2edd4110e91c75c0fb99646543d97326b45b036d50a33826afa543ce5887574fa1ed34077155c8e0eac1f606d8e9164fc47d2b65f927d46dea08ef2a6924871ac07741e06ccac698fc7f9eb593d70e90ca9535df737f29f17bafdb749b6cd478d31f6649131a45bc5141e1014eb60d6f15321fc69355d58469122d9376fadf5308465d1f3a60ddc042ba8221602b2db2bdd7157a80b1478d03d66729b640690f134fe350c35bb3d47b3e94b6ef08babc073ffceac706454f451311fd4d8d95401c8f3269346c61dc8787a28836b008ed497715b6a7f6edd10ea1519cba60450b5284ba0dd238b4ccfeab30c2d620cdd3f51cbfeba456ba085413dcf65c7243f01a9ce138130d2c1cac6e4d685ead2746a3590f173d55313eef244d5cd78c80576864207f0f6d993e38fd5de659f5ebe6217f329798f8c93fd10fb8a2bddabcc3ad6ee65b2046d7cc7d1976c9edbb7d67fd967ef4dcafed56f7ee49efc1d12b1bc2c3078ff6bb36143d8a08419a2a3bff20a5ef92871d56c20de4abfd6080b6dfb53898b466af337d6208a5af9461c4d33864bdbf353b1b3f0eeb24db8945abd5d0962e48cea00cd458158ddf691483ecd43ab6271e7efe6ed127c15b3fc9e67ce259229d271e0cf59e25816ecaef3666b28957b01409517f9d315cf71cf4a1e3468e592fd276a1a3c6e61f8d9dc9722a8e1310b7ce7d7e1ba2f8a279a5cbb89e42ad9550ddf99487af705455b22ee1e41340e7ffe8185fec2f725189d337cd6a849fcc2b1d884b432f058a198137d2cd29505b421905fb93e76c9d01626d161251a422d3ffb930fcf3ca83c6ac3dbb816fb557252becfc75eadafdd8990507ab453fa66711516fe9ef5b548cc934f8e076c53158332fe1e6ba805860c9f17adcec55ac61e74ffd418304ea83e677d07b5ce19d92dc3a1d1d8651320ed31b7b844a7a45298afcd317bfada0b8b397d5766b0675a1c8f7928884348a294c3e8c560b3b83c942633b4fb0b22910114d39fcae0120b5f3fca27607ccb9f868a9433fad0fa89111f1c993392053bc224aa75fbb5c08d9e11904a57a2d10d5cd06d9867a7163d3128252f95937af92825f87bfde3e975d562248da9bc16da1e2486efd7445aa1c6c4af4e673d2fb8739db2417e19a5574220b5a5ae580a24579c7432451e45d2d7acdd1fa3e182e732230400c2f108fc629bac1850fd0c0df38ef2dd61d50ee6b335809a8e437435c86c04cab045556e3bd438f5f0d3db72b194a8c6144964540c5cd6d1ae31866b255b4d89b5c1fec4559b08fcf503ca6a85ea23a7de9433cbed9b3079a36fd1a1fc95083791ac86e21d97852ca06089c628adeb3983972966c5dff0ccf128c762453873eadfbfbcd0ae6982649345baf8990c82cee3447b68665267a047ead7b4d592c7c7ba36acfddcd2c31d87e5efbdd02cd2077f5e9a5d779eeee5cbb070d7ae950f3aec03098815211f023211b92ee5b69db691900dcbe7b6318e7001c2f379118ae2086cbf6be26bdc99218d0c9177cdbbf6ba53aca27ebc3ae2041040e3f0fecf1d138629b2cabf9e974f2e191d33fdace82b9c5606dc0be4170f56425730d1ad441170550d7849244391a35c01693532ad14ad181746c0986bf6598563962ec18b6b19fd95e46c06054878119c9206bc7293f7ff2ecfe8aad829ad30352e51923a933416968aad529f17533d5b425d1fcc8b9c0308072496142255a95669782bf295e6bcac99b3fe5c74f6bed4016cd642b03a85cb45ae4daaa4d1fdf9600604489d0d2da92c182440055b0bc4f68d5b1c7f5e89459d9a044f0851f16ae74d8448b7e6b8b6dcf0c767291463059b976a6fee943fadbe58d61a0d54b2ba43b95658a6b39b6cfbb1dd920b4b91597e1d4575c302f5d07afef5002b26c8dec62233a7ac7ad14ab41ef69284e51dadc46e8726b429b36aeaefdf343aba1731333c699adc15122b7900898dc31620608bb7c184886c122bc217879b70b15bdfaf2b86a0c6ba046a37fc6636c4007ddd000a6106a9a0ecd542c17bb9f6db5f53bf96077f73acf461ba6bf0fbc525ab33c4213ef41fa21ad9cc0b47e0d29b8905b74717d011e10a4edc402a86e7fdd86afb023e304c0a3ac8f96095ac9dfb61e42f5ee69c04af0eeb665e9b42ae6f3c73d393bde2ecd0d90b446c91d7afd70d0869feb4fcc8f64096dd12c6a4bf92281a08d27707dfd14d7e86cdcdb89fe086a84e0f724a2fab74de1740cd695fc85d5bc6d688499d222c01cf6352157cd30066ec45e50fbc7000d2a34e0c8cf61ad4990ba829b30646c858e992f4c25305bccc42c3996329cdb1d88bf9f21155f3e90cf7c0e2fb3ae9d109d1aa8f098f9609a97206a9d9e147d7f4879eb0a9188d52d39d6b2230f4735c831672ee7a4704e46edbcf27749cc353b794d158bad81ff893415c8e331bc9a3c06dae730052178cec156165506464af8312e04ed9842e9cf23ae9f43c7d3a08410f64bc10d07d616e99bc8da94a39901f250f75de14af97f3eaebc18a8403ddcec40126b4efeea45ad575de5116f36753b896fba92aed225f5589cb4088dbfe57cb6326f90a58e8818234d51cee9c8de732852a32af5eb4881514523284b576ca7c64eb623b5db1bd51cb1f1546badb4819f3b357707897f6f44762546e35b5ae6cb79d14dee785cbe68fe0d199befda549a10a1dd6b61b5853bd338807697b703152040f7608ae3cb64e1999bec656dcbbbf3c8a5510ef87b6c78c6cece72852f38c9eebcfe16c18f5d102debbd5be10920d15735f64b2a8dd52f5ebae502e4e9774159374ff413bcfaaf76a582df51cc0f72c362682780893e6e5edcc769061aa9a7bcf9aeffe4c2db19acae68194304d65ab70115e4a6178fac3274a271ee2d0a0b97cb973f35799f26b45277865982ac50cfbea9b12687c1469edf331cd235ef077ce44a3e2e9967d59dd31831ada97e5ea1ee6e2c3d393c065112719658757c821b83e1132e3d6fba056d18390dd1917a789c167c195411fbdfbe61fc61fb4abcb533e8d8101f5a9342b5abedc82b1335c4ca706f19eae6d87c0b2e73d847317599a0e6d6e5967d60763238c3782b0fecb63c7c35465034e87b6cbdac816400dd4b96d5587dbdd9bd748ecedb9dba1000984f6a47a67c11f840915842ea7b386cf68891c30f57c66c61fb96028aa3889856b876dfc38fcb2a632442927d6c75000bbcc302bfa1f4db0d735947b17f05b43944cfdc39ba74ff28f3e4304aab33bdff27505cd2620a07f5ffaadeea3b4396b918ca20734b42825770ecb38c3369dd55f13777737c9e164de5292c4d0139dda0bfce1962dd39aa9d70739d41a4f5406ca8c48415d901169af4ac7388a86cda63657d6152ddfa886345abf5264ee4fcc876875c2a70b1f60d4ff5d637ea6a054e64060dcd68bb0f9ccf75906a7f5e82c66a59f8883c3737a765d40ce60099d4a08e8c2e5736dba088c189a46b3e79c60f6b18970b6301263de719722e209f3654532055c7c133ff0357e928c26833e14e86c7c6050e7a1f12dc813297848bda4a62e946484b2afeedd8924d06a0c4c88fb6425aab287165c54f89b05e38603da55dcabb7e2c1abbaadbe5df76e949f471375b916b97cba2eae64fc63a6b7c8bf3f6737ae9a89168c1da018ec7617c9ccd080cdddd6dfab828da503e809ba62d3fbd18b701b1ebfdf2154e2f46f7a8f6d64fbeb2db3df6e5590589b7a118feac41818d6b9ca485348b3d669aa092b404a6faa4b2dbf104aedadacc0477d39fb4bb7128ade4ecb74fd6406bc70c27f2e7e999a334a7353d58e3b501223ae9dd007134969732c542884a19fb2c816383b45881a2bb6cc7f1e10ea1fb9776fcb8f16326e832eb1d5fe1e59ee37a6d78dd55693d2b3075225576b4ae45b254d59ef8acbef6e0b1ece7f62a404f597ac9f9247b3038ceddc6aba030259c0a78168c7b050bec89aae011edd183fc0b155f16abd37ab5487858e98e4978b7829987eae143db7f010d7d8f0c344228394172d8731385b982d1af15f36458dd8c3250f9d35444e8d06da9985ddd6a6dceabf59bb1ea02c0d759f68df8704c5c00af4cace23ba52bf86d503d1fd83e35d462d5d5fdd491de5fcda6ab7a33361b50d6e4286d1c701b17fd1d745c1fc78e5837e1b0f4a5f2e99b2a82020435ff6cb9c8460592a6b7b30511e0e0dac9565243c62f294aa835b9ab7034dbdc7df78c84d5ee3ee61ad5e3f598664f5427b99621e55bf98168ea8313a29d146c30da751b64d77e2cb9704af9983032f246293faf31b257646206b77f1ce8238e5bfe4d365a139e9ab3075f9005b8663362baca0749f1dc9ce71da3f8edac064ed4eaf52b2cb5956afef3d07c09ac57ede633a179eacd6938680ba28510879ca2e8b575c0bdcc4d22d5fccc02cdfcae02cbf6a5e42df719898a979e94f9df0f5ead671bcb070b33400eb5be3e0473b137d4562bd3eaf8401d1a9636968f38f3270528046f3fdf60c9f3470cc7075f0f6d5535c5e3b25380f676294ef985f8d69c3670060ff4dd0ff0b2beaaea4d1580f519842fb3b1713cdbe1656a8f"}, 0x503001)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:02:57 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x80100, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:57 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:02:57 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x806, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  595.090831] *** Guest State ***
[  595.101863] *** Guest State ***
[  595.113165] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  595.124265] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:02:58 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:02:58 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8864, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  595.125624] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  595.142585] CR3 = 0x0000000000000000
[  595.146837] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  595.157785] CR3 = 0x0000000000000000
[  595.161582] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  595.167972] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  595.174322] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  595.180653] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:02:58 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  595.187956] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  595.196093] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  595.205547] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.214180] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.222679] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.230756] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:58 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xffffa888, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  595.239102] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  595.247764] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  595.256653] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.264991] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.273145] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.281496] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.290468] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.312373] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.320509] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.332087] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:02:58 executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  595.340178] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.349111] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.357642] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.365808] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.373991] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.382421] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  595.389080] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.390915] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  595.402172] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  595.406513] Interruptibility = 00000000  ActivityState = 00000000
[  595.417926] *** Host State ***
[  595.421342] RIP = 0xffffffff81212aae  RSP = 0xffff88016dc77350
[  595.422156] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  595.427995] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  595.435503] Interruptibility = 00000000  ActivityState = 00000000
[  595.445973] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  595.455929] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  595.456114] *** Host State ***
[  595.465374] RIP = 0xffffffff81212aae  RSP = 0xffff880189917350
[  595.465913] CR0=0000000080050033 CR3=00000001cc9bf000 CR4=00000000001426f0
[  595.472298] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  595.485223] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  595.490336] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  595.493783] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  595.500417] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  595.505963] CR0=0000000080050033 CR3=00000001d77ed000 CR4=00000000001426e0
[  595.512362] *** Control State ***
[  595.519184] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  595.523290] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  595.529340] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  595.536272] EntryControls=0000d1ff ExitControls=002fefff
[  595.542107] *** Control State ***
[  595.542117] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  595.542124] EntryControls=0000d1ff ExitControls=002fefff
[  595.542138] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  595.542153] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  595.548148] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  595.551168] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  595.558163] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  595.563432]         reason=80000021 qualification=0000000000000000
[  595.570569] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  595.577099] IDTVectoring: info=00000000 errcode=00000000
[  595.584344]         reason=80000021 qualification=0000000000000000
[  595.590732] TSC Offset = 0xfffffebecffde237
[  595.597737] IDTVectoring: info=00000000 errcode=00000000
[  595.603838] EPT pointer = 0x00000001b9f9e01e
[  595.610744] TSC Offset = 0xfffffebece02db58
[  595.623426] EPT pointer = 0x00000001b9c1501e
[  595.649510] *** Guest State ***
[  595.653234] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  595.662207] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  595.671116] CR3 = 0x0000000000000000
[  595.672274] *** Guest State ***
[  595.674924] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  595.678847] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  595.684213] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  595.684227] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  595.684239] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.684257] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.684274] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  595.684290] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.699210] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.713940] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.722363] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  595.729946] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.745004] CR3 = 0x0000000000000000
[  595.746577] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.755238] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  595.763362] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.771573] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  595.775106] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.783424] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  595.789178] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  595.797963] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.803241] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  595.811624] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.817982] Interruptibility = 00000000  ActivityState = 00000000
[  595.824656] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  595.832395] *** Host State ***
[  595.840163] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.847878] RIP = 0xffffffff81212aae  RSP = 0xffff88016dc77350
[  595.854407] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.862227] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  595.865668] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.873434] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  595.880159] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  595.887881] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  595.900397] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  595.902137] CR0=0000000080050033 CR3=00000001cc9bf000 CR4=00000000001426e0
[  595.910673] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  595.919027] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  595.923720] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  595.932247] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  595.938992] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  595.958639] *** Control State ***
[  595.966393] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  595.967963] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  595.974111] Interruptibility = 00000000  ActivityState = 00000000
[  595.977783] EntryControls=0000d1ff ExitControls=002fefff
[  595.985062] *** Host State ***
[  595.992200] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  595.998282] RIP = 0xffffffff81212aae  RSP = 0xffff8801c9377350
[  596.003883] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  596.006777] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  596.013942] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  596.019725] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  596.026700]         reason=80000021 qualification=0000000000000000
[  596.033277] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  596.039633] IDTVectoring: info=00000000 errcode=00000000
[  596.047314] CR0=0000000080050033 CR3=00000001d77ed000 CR4=00000000001426f0
[  596.053890] TSC Offset = 0xfffffebece02db58
[  596.059550] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  596.065251] EPT pointer = 0x00000001b9c1501e
[  596.072109] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  596.083167] *** Control State ***
[  596.093728] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  596.103942] EntryControls=0000d1ff ExitControls=002fefff
[  596.109486] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  596.116671] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  596.126423] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  596.133762]         reason=80000021 qualification=0000000000000000
[  596.140093] IDTVectoring: info=00000000 errcode=00000000
[  596.145727] TSC Offset = 0xfffffebecffde237
[  596.150051] EPT pointer = 0x00000001b9f9e01e
22:03:00 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x8}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:00 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x800e000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:00 executing program 5:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:00 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000040))
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a000000000b0000000100000003000000be000000890a0000000000000f0000c0f7ffffff030000000100000001000300000000000b000000030000000500000070000000050000000007000000ff070000190000c0050000000000000000400600678c00e0000009000000ffffff7f000003000000010000800500000037080000000000000700000005000000000000000000000027da00000000000001a977ad5c000000ff0f05000700000008000000000000000b00000000000000faffffff0400000001000000000000000000000000580cebc98af8d42e000000000000000000000000"])
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={<r2=>0x0, 0x7}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000002c0)={<r3=>0x0, @in6={{0xa, 0x4e24, 0x401, @mcast1, 0x2}}, 0x8000, 0xc4f7}, &(0x7f0000000380)=0x90)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000003c0)={r2, 0x8, 0x9, 0x3, 0x400, 0x2, 0x3ff, 0x3ff, {r3, @in6={{0xa, 0x4e24, 0x383, @empty, 0x8000}}, 0x8, 0x8, 0x9, 0xc0a, 0x80}}, &(0x7f0000000480)=0xb0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:00 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x2, 0xfffe)
tee(r0, r0, 0x0, 0x2)
write$apparmor_exec(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="65786563747a75737465644a21e2213777a2457651441da2da602d32876cf3c6ad942418be40f24ce0bac891bd4bedd8877fa50663075465db1e34fa542725e29635c100000000000000000000000000"], 0x23)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000001480)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x408a00, 0x0)
setxattr$security_smack_transmute(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='security.SMACK64TRANSMUTE\x00', &(0x7f0000001440)='TRUE', 0x4, 0x3)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000100)=@req3={0x10000, 0x3ff, 0x5, 0x2, 0x46, 0x401, 0x27}, 0x1c)
write$UHID_INPUT(r5, &(0x7f0000000400)={0x8, "2b004983e58063411cc0f4c41854d2e30b96c93521e961a2f0d5ca2714de75b335cde5ffb487bafc770e1a27ff0b7fd1bf8620aef566c07dc3106988e9e5e1a9a6ad2dc206042a7733a32871f846eb2845c59892bbac97b06582375a41688ee25da2754ddb90989598d52894e760fe8ec8bb0157877399b1a0fc0d4be6ddecddd6916c3c5aec8f0731c05bd2684d61a77ea0b839527f6044bd6a6634b446f18b6dd9e0d5ec2432f27a44c6ae9979c840a2bf3a8e2ea996bf0397817282e5b07625dbab546a5d1eb104f3433cad506d8470d51ee12ace467e3eb3d48a47a5c1e2879939ac999b2fffb7fced72645d657bb4131c6996eebb8fec6cd67b6e986bb3f058b2ee53f94358574b53dfd8d2ee4604be17a470a8b0605e1695dece6c1ae31ab8e11fddcc082cbceea4d69176171f8138ae3f0a423f53c61805a96f0a067dcabd6235d01d590c84c9d85fcf5fba658bc36e112c5ec11581cfb392c1a65e6c42a00692fc3201544af230de745ea474f5a0b5531c982d53e226e063f554a5039b5c9ea4cc64154f3068ea56a500b339da0b0e07bb9a031da04cf130ec711f70162660e965e1998ab109155981da2cbebdbcf7eb2aac56a68e1d3a39e910e2582f3c5452abff68f95f2f3f1dbb9f143247fea56fe581c4c9474daac0311085e4dd62c5085489a1fcd9626ce17b7a3d0003bf7943dc54fe32f2cdc770fc02ee133660f0f9380d6f0ee3e7336a369e56fa26d32c5218192dd632a8dec59a38443d4013b59c2469d745b0d829915717c4e99976adf3573623dc4758aaa6561f3668d43a03f8ebb0e2092738f55906db2cafb5507c3c6c678a82c5a9a3b32a2926e565d54653918f9fded67593cbe7948a69030cd6287b5ed4f129151a44bde912da41db9f6adbd794a461fd4edf6e7426658abb0b940a8ce2d85f9af1d33b87a95ae707cd140ce61237c0c8bdea77d89a6536afb81c95fd92ff0de96357c20fbc8a61320ad37bc241ef7bb6b2219ae89eab143093dcc544b109f66c7b26fba87cebc3b33aff5b7588f58aa220120d93b70385969b1887b5cd5f66409720276c05abdae49565680e467876b97c61eac54290d271ef1fa2cecc73a66559b550e7157bd5d22896af37ca31c975e48b1607bcb5135ef5e06a6ae715f98463713618f94b82d323478f8735dad835ca0f04bb9bea7cf0a499e7a73fcf75feb363f2728e1c08673fcf36afc0e1ce18887b8519702ba37d79b6fc42f0fdf46b5362370178a521e52cb3f4848a90dfceecabbad4089312ef1aa9ac1a2b5abc67a6bde974f1f023ecf0dbb2639867a138f9c033f5ed351d5518fa73cdfc9306745a7f90d644dd053d41b54e9751ddf13dc7d8b66784b22a1785276ba91524165c1aa77640ec3908b3d45f41db93e271e0c32126aee256f6d2bbf69a5f9229417bd30c842d04cd29e67f01fa213f7e687c9a18fa542bc367d2d0c012bfb4d495b1f36671cc1d71cc27c39a1f0bc82ca2e683155465195d7a7b420e177400117f7436169b9cec9a17d86749690b67c1786565dfeb7419fc0bfc16ff9b8eb928a8a0a5c711f2cfd24a6ceadca756b623b6a869ea02486cb5f035b958e86385f28aacde22b4ca56b03f59199e20d388a0d61efdab79fbea111bcfd984e91761d2e88a7542cbf03cddce16e806598f235293b2c1ac981624a7419f285d433ce65d1045eb23ea5adb530b63a9aa8a12abd2089a3f42131b3f48e9db65bd1422887bf30b8285c1c841c68dca8161ff004d7721643b881c9ca576f51348dfeb24b4f37c62b4fea8d009c95ec4e7c7dcac9653f1ff664ae41f923a7de20215fe8c204d67ccd45c28b7de8df572a54b8254ae308b48d38d4e0f7732a25f0389ded014bf991e0c7ebdd050dd10b57b9e83a0698bb3a08643a953a07231b3f1effe366ace010f868d4bf11ff4e1a1627f0de20730e125018f8c5482a1433a8c8cab73c95c88105eb9d118c4428719cb698fb2954f686f38f42a717f690f3439830808e98125399033c472476de43f16680b1ff23907b39a79fe66dab8ce72afcfad995e99514715b31e27332d0e816e5e0d031eb47698c1713d5a867ed0841aa5ec7a10a03d5cfc77438cc0612e158e59429fb3684adfb73c59ca5c54b5a7742e7b2a5a0adec72225fd0e8dc863e6effa42848b562b7523e7f49606261f77bf5a95d9409dc84c7ef62129fc9777bf9851ac506a128b2fa48bc3ac6909a47b9911f59878c48da6ef49cd3b497fe577bf446472b2869f5c3f332d9f2747afccab15fd16caab0786ac0b70ad21ca59b1b4eb103eb5d34a9c2781e277b487c6b161743ec2b69ce2d58b725ca9c64ec806d4ab9874a06c420c25b21eeb753fbeca27e3de90c415c49f85d491170c9742777ea38f6fca61e78b187ca8de6f536afb3eb2f7c5489ad9ad7aac6bcd382525b84f562563bd1542ba3217fc8adc2362c8d956c293f6a96154bb753c930bc5d7ea223a79741be7bf3b0875732e9ddc3107997871a3719bf2bf22822d96a72a6a9eaecebe9f7deebca074bb3b22b5cf678b44323729e29c9c17990d42d0e9118ac921496d41ab4838078e92126072e573dc7cac7434cb5d1e0db565530472f7d425dc9812420f9a28c92e0be673b13f932e56ab6819662ee9535be8043669860b979388c2946abcab6dd1912a03e89eac5cc6b378318c1d9f1ff85038c104aaf96cfde4c8ecf342e5b562da82d4dc68aecc8fb37bac33398b4f8ae3836fc886f43968aa84481b77b54ae22f27318a3d4a33667dd9fa3dcb716e19646dc7d250f4cc7a4c94fef629c0db3c0600ee6f7b5fb145fbcaefc04626a074032fc1cd643c2e32690958e35f189949e6e7bbfd1afa116e2b4363f641204f6ecce8ba9c821b4770a59864dd794f8d3921e8084e769c1a6d5b681c38ce35d25392e26e4fc350d6ea513556de58345d88d668c84eba96a46f0ec47ee1e9a5347ed21ed2c2a0fb0136bf4b279d153dd54a0e30b059289e485458c36c4dee624aee2c19743c14258228992ff36f91a40c3b507f0b5c88fdcaf12861023232082964f2bb269a5f5d44ad7303e243174d44aabcfda2caa826927ef27c41b080e8d4ff3015cc54c2e06d10f4262e32d296ca83b782aab67752a04f66c04ef423fe625553dd48fbe3eeff1e77bb8fcd886798effbdc224e98015541b80e4b9bd8fe4b4d99b0c63c3881345cdd6f6b5b02524c5392efa5008b2f631210f9ce6ea7fe9e6edafdf3523f9178b4fd9b0dc4decd39cc17aa570d067e5afa676ae0feb726c939a4ef202d742eec7193bf25327b8967ea4f1dbf92b28c2a2dade42cff3facf0d3c469738d26a4b9dfe883df65a124adaaf100bcaff3a7957aa863bcc390d5605778a4d7dac3c64d1712f7405b0a8ed6052a4ece43a3a069b45fc311900ba93d197d20681de6521f145f690c4b6a3997bc76532d0c0d3bdaf122a8cf40612502aafec070999ece032b90358cdbd94917dfe5a4c70be7f03719780e8c5c1b26f2b388eeec30c20ee52812fb2a0a9f90d0f48056c5e7a83fb5b297a948ac6da760e928bce1cd4804fe390aa5028d808d6125d06e8c2feb0411e7d889a3a5e652dc2fd602b72bf4c5970e9658154624f1e1ce950c88309d73f8f58ef8d8d9354ce69e39de7da702d2f8a68e65600abf9263d039925f9b8d2674e73c827f6c591bfd6b1a11eb24cee0be933706c88b18d9f6d7ba80678d873812e4224b7a2186f1927a92ac9c3eca3b183a120c4036121d0e814080f34d77dd34a8802f300f90dce269e8999e92947a8bbbeab5a169c469311382456f23b38bc12ed8dd4bf5f09fb86ada4915ce080f72993c4945e57d376f11daae1a9938e7235beefd827b3d243843f85ae0db316918d0486c7e1e0027614332934a752e8d000e8a142d5c13c9f4c2afa6f12444eced28b679ec5ffab1511ce6ca878af3db82f0b64b568276548c923a9cc24e0f5915060d06bc763bb1d594b281b82f7d9414fecee54c3844864734abde076b1f9c9270b11dc56141ce3ce27b5c2d15a85714b1b4da0038090ae0fc8000cf971dc1835156a7de82bea56e905abf11765332f2ce8d05746f8ab647d0d4add3a61f00ed107f2f1058eec0bdaa24e9baa3bc24357fa4f20bf85cdc56b37060ae687c634fc768a562ab98f8c63287a82b501ebea739a016b5e116b53cf67df5d395c76d6aa9b1b842ec1a9d49aa6b96f809769d891afcf90dd5bade8fe8b6b288dd6085ff35532f588c09142a6292c79e837c9b1e78935afc89c73e41de639bb031c74ea15f7797609896ab856a16ddb3ff601edd0fd086b94e85fd5b4fdd56642658f606132542262fcc8d33723601a8aa3e46728d149963d79c2e655d829eb27a3d63bd27f9f9f0ebc9147ac78b71c6afaad54f2919f9ca3208a1b7649f5d2a751aa7911e56b66880c66a2fb06a0d2fbb9c2ea95bdbf94cc5d49bd4459212ea053beb408927a34b99616b84dddd5dde711917f57b08580946a5d55ef788a290bc75b5cbc4e505fdca8bbfac9046cffc3c8ef04b8b4ae812bbc79564e04372ccfa30dd52de3f68a2cdba0c8cf677e4825aceda518df52bdac8ddad17db5707d5c3448ed89c263d2f20f3c95fcf68a90000bb942e7f65843ee969eb7d13fb305932fd0856082e35c4c1f3f952c324d3bf64bd887c7a3dc28d50374f1660b32bacbb0ed2b81a59166b3785f50e36fdf7ef9c0d7b52f510a8bd645404d12ccd16ddda145717bafa92b764fffe7198f0cd13e0083e71473c275604b5bdd72a6e7c960a9c98fd06a20658c5e45abe9e2f27e71d509d984769ac39ded553fd6a4d2d5c3f14b134b662976f8876aa2f86c64a41689a50e90f6e73dc901fa9a030bce4c8fe0dab87a699cdb94a15e1b8da53b6b839138a667f9fe53d06d46bbc2d91156719fd1142a132286bd0603625bf9f54e8202d23abe0e3b4d72d8402dd61a44b8ba25bbbead1bd0684c8889a573cc511aa91e87a0e7d8f31358cfc4a7cd03016127c630a5c9725c72fd6e12f1e05bb278078f1a541f71fe316da772ff0cfb9f76986d128322e327fafa7ee80f981f6ac35225998edb41366ec261514ddc4e886d54f220cb1a6246835c7787e6763f46b9a5a7532d0ab15f71c7fa241dcd533a1ffdb2fa99ee8df9cbfecb03a27ed07227bf7297aa7ce8c5c54dec240aa9bf5934d401457b0be8a90dc066c08c6336cf6d79b86863e4850c56f0cb6dc07b12478c57fcb5777e3095f5fa5a49a712ca2829473d35dd4a19f6400c2ebcd4658377d2cd3e1a5a8bc3607660471041c273bc0d10348a66c1d9b7fed406b357bb7d18a5a240b6eacd2842e4d399809dfbabe82bca5b95037f22ac64d299ee791dfdf56cd2046b33ff3828cfbc04ca9dac2a02d52a06cae96a67f3782f76c460f61778721b1554383815fc2b1d0e7032567b43b52376123b5285a0c488c54065c5089cb6f79b1323413f14386dfef75e4456ee88691e4518c162a62519eb3f69162934d9d9862cc3bfee0d9b90f78f40501a8f206bc63ac23dbab6cedf63bc69adb19b3dd8acae19400e4f894dad3d076a893e4305abc674cc06647f4300a3d35934949d0ecf29e4139db08296e0a2874f87e3859cdbd3c9fb40a5f6314637cc4e0a8388c300bd06377a7f82ae51daa6b757f1f9b7d7079ec116970e53b576e6e6a559700e5b47d5dceb50b0764ea9abb410212f2f475f57e1b4660be6de239399b9f8780ca5041f6d0c0e410620a57c2e5969790e1abad32ded9c093d02c08d66bd8084750b2", 0x1000}, 0x1006)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
fchmod(r1, 0x1c)

22:03:00 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {0x0, 0x0, 0xf}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:01 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88480000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:01 executing program 5:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  598.154726] *** Guest State ***
[  598.163856] *** Guest State ***
[  598.167651] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  598.168289] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  598.192233] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:01 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88640000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:01 executing program 5:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  598.214876] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  598.229439] CR3 = 0x0000000000000000
[  598.252344] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  598.261244] CR3 = 0x0000000000000000
[  598.280850] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  598.284524] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  598.299253] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  598.316556] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:01 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8035, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:01 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:01 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x4000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  598.332371] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.342333] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  598.366199] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  598.374701] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  598.394760] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.403780] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.421751] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.432239] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:01 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88caffff00000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:01 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  598.443985] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  598.461284] GS:   sel=0x000f, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.472199] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  598.480370] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.503614] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.547937] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.559919] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.592221] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  598.612560] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.620655] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  598.632250] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  598.638917] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.646952] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  598.659072] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  598.671679] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  598.673268] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  598.687072] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  598.704278] Interruptibility = 00000000  ActivityState = 00000000
[  598.705801] Interruptibility = 00000000  ActivityState = 00000000
[  598.718390] *** Host State ***
[  598.727134] RIP = 0xffffffff81212aae  RSP = 0xffff880172947350
[  598.731291] *** Host State ***
[  598.738887] RIP = 0xffffffff81212aae  RSP = 0xffff880191ad7350
[  598.740875] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  598.746974] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  598.758520] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  598.758655] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  598.766566] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  598.780314] CR0=0000000080050033 CR3=00000001c0755000 CR4=00000000001426e0
[  598.787949] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  598.794888] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  598.796469] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  598.801115] *** Control State ***
[  598.810651] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  598.817581] EntryControls=0000d1ff ExitControls=002fefff
[  598.822298] CR0=0000000080050033 CR3=00000001bc15f000 CR4=00000000001426f0
[  598.823302] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  598.838152] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  598.842359] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  598.845085] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  598.858826]         reason=80000021 qualification=0000000000000000
[  598.865472] IDTVectoring: info=00000000 errcode=00000000
[  598.866893] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  598.871079] TSC Offset = 0xfffffebd2c17c089
[  598.881644] EPT pointer = 0x00000001cdffe01e
[  598.886422] *** Control State ***
[  598.889999] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  598.901245] EntryControls=0000d1ff ExitControls=002fefff
[  598.916123] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:03:01 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080)="c67b85655029fab6f709719dce0c69c5d26218e6bb92366e39a2f65c7db2f82fa4f7ce40d3ff952c7352c77ad6", &(0x7f00000001c0)="a61acd06dc0524ccca8908a5bf97488fa579ede6d7842d26919fa8f504878755d1f761f38ab0bca5a154be32f848d27bb4eb7973bbacb376ddc1afe24c1914665b67e51721f989fc2114e55291ffe6f8b0805674265c6e8621b9992267ad042e31f1ff0947cc1e6dfb937ef7c6fba3825dea34744df4171b", 0x3}, 0x20)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040))
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:01 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000000))
keyctl$set_reqkey_keyring(0xe, 0x7)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  598.947882] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  598.954882] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  598.972270]         reason=80000021 qualification=0000000000000000
[  599.013080] IDTVectoring: info=00000000 errcode=00000000
[  599.032415] TSC Offset = 0xfffffebd2c43bdf6
[  599.039309] EPT pointer = 0x00000001c4b6201e
[  599.044671] *** Guest State ***
[  599.064486] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  599.082122] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  599.102550] CR3 = 0x0000000000000000
22:03:02 executing program 0:
r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x6, 0x101000)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  599.111405] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  599.127317] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  599.133840] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  599.140967] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:02 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:02 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:02 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x100000000000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:02 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
getgid()

[  599.157511] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.183830] *** Guest State ***
[  599.187150] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:03:02 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xffffdd86, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:02 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  599.207538] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  599.215595] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  599.215602] CR3 = 0x0000000000000000
[  599.215611] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  599.215622] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  599.215673] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  599.225025] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.234866] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.264891] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.266682] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.273082] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.304765] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.310813] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.322551] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.330697] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.338923] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  599.347101] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  599.348289] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:02 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:02 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0xf5ffffff00000000}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:02 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  599.362204] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.370322] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.378558] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.408858] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.408875] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  599.421068] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.432813] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.440888] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  599.448095] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
22:03:02 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xb00000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  599.454443] Interruptibility = 00000000  ActivityState = 00000000
[  599.472601] Interruptibility = 00000000  ActivityState = 00000000
[  599.481303] *** Host State ***
[  599.488539] RIP = 0xffffffff81212aae  RSP = 0xffff880191b2f350
[  599.490495] *** Host State ***
[  599.506804] RIP = 0xffffffff81212aae  RSP = 0xffff88018888f350
[  599.507352] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  599.519726] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  599.520051] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  599.534405] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  599.542841] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  599.548624] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  599.549089] CR0=0000000080050033 CR3=00000001c48a5000 CR4=00000000001426e0
[  599.566557] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  599.573071] CR0=0000000080050033 CR3=00000001cd5fa000 CR4=00000000001426e0
[  599.580915] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  599.594560] *** Control State ***
[  599.598693] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  599.604401] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  599.605843] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  599.618962] *** Control State ***
[  599.620592] EntryControls=0000d1ff ExitControls=002fefff
[  599.623258] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  599.628377] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  599.635037] EntryControls=0000d1ff ExitControls=002fefff
[  599.641925] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  599.647401] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  599.654207] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  599.661096] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  599.668054]         reason=80000021 qualification=0000000000000000
[  599.674426] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  599.680874] IDTVectoring: info=00000000 errcode=00000000
[  599.687453]         reason=80000021 qualification=0000000000000000
[  599.693084] TSC Offset = 0xfffffebca059d94d
[  599.699717] IDTVectoring: info=00000000 errcode=00000000
[  599.703838] EPT pointer = 0x00000001d766c01e
[  599.709236] TSC Offset = 0xfffffebcb0b9ab32
[  599.718011] EPT pointer = 0x00000001ce5a201e
[  599.726889] *** Guest State ***
[  599.730718] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  599.739724] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  599.743130] *** Guest State ***
[  599.752477] CR3 = 0x0000000000000000
[  599.752706] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  599.756257] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  599.765187] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  599.771235] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  599.786210] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  599.793203] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.793596] CR3 = 0x0000000000000000
[  599.805370] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.810688] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  599.813473] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  599.819627] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  599.827764] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.834033] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  599.841682] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.848372] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.864418] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.864655] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.873153] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  599.880671] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  599.888651] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.904721] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.904922] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  599.912902] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.928921] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.932379] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  599.942104] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.945131] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  599.953857] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  599.961094] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  599.967689] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  599.976003] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  599.983155] Interruptibility = 00000000  ActivityState = 00000000
[  599.991092] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  599.997390] *** Host State ***
[  600.003898] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  600.008133] RIP = 0xffffffff81212aae  RSP = 0xffff880191b2f350
[  600.014647] Interruptibility = 00000000  ActivityState = 00000000
[  600.026636] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  600.026652] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  600.033895] *** Host State ***
[  600.041048] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  600.044993] RIP = 0xffffffff81212aae  RSP = 0xffff88018888f350
[  600.050059] CR0=0000000080050033 CR3=00000001c48a5000 CR4=00000000001426e0
[  600.056430] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  600.063314] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  600.069931] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  600.076361] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  600.084533] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  600.090560] *** Control State ***
[  600.096730] CR0=0000000080050033 CR3=00000001cd5fa000 CR4=00000000001426f0
[  600.100459] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  600.113665] EntryControls=0000d1ff ExitControls=002fefff
[  600.119207] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  600.124277] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  600.126313] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  600.132929] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  600.139084] *** Control State ***
[  600.145675] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  600.149800] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  600.156082]         reason=80000021 qualification=0000000000000000
[  600.162703] EntryControls=0000d1ff ExitControls=002fefff
[  600.169226] IDTVectoring: info=00000000 errcode=00000000
[  600.174930] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  600.180169] TSC Offset = 0xfffffebca059d94d
[  600.187208] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  600.191462] EPT pointer = 0x00000001d766c01e
[  600.198353] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
22:03:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0xfffffffffffffffd, 0x0, 0x4000000003, 0x2000, &(0x7f0000002000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
syz_emit_ethernet(0x106e, &(0x7f0000000400)={@local, @empty, [{[], {0x8100, 0x1, 0xea6c, 0x3}}], {@ipv6={0x86dd, {0x7f, 0x6, "be9776", 0x1034, 0x29, 0x8152, @ipv4, @remote, {[@dstopts={0xaf}, @fragment={0x3c, 0x0, 0x1, 0x20, 0x0, 0xffffffffffffc5fe, 0x65}], @udp={0x4e22, 0x4e21, 0x1024, 0x0, [@guehdr={0x2, 0x4, 0x10000, 0x1, 0x100, [0x80]}, @guehdr={0x1, 0x8, 0x200, 0x451d, 0x100}, @guehdr={0x1, 0x7, 0xf3, 0x80000000000, 0x100}, @guehdr={0x2, 0xffffffffffffffff, 0x7fff, 0x3, 0x0, [0x80]}, @guehdr={0x1, 0x6, 0x8001, 0x1f}], "1c0fafbb70d97966e85384ac9f955a8ca561910cad0794608d5e483e2ab9abd6b5a321e41945688674e1b714771e0d0ff1932b001a37bc227beed15517d2b12de81a530611c65a52fb9e427a8d8f8824910b39ce0425f22fa4afd0c97637e86f045e983d8a430ae45c85492d9d0eab1f69f1ac32f309f449973632446010b9c3797186664ccc8becfbd0fc78af15fc21ea0719501cc039151e13b2dcb5fcb4d20382a5100d61075ab4a5157bea4fe780c219c010b8f8a726546c54a521605bbc8b30c1a9460d637b7401e523799753baa7f8cdb8e8e55d55149db0fb18f8f24dd642727d635b278156c7f7582eb71ef09fbcdfcc95074de1bc7bf29e70f765660e466a1aac2cc7a0486d16595d59f0fb4c6d5098d79cdea84d2b02a57d39c741f48dc1e2b227e4c6d3610a0e59fd79d1fad337e87f4da939ff6f2d00ef72b8cc4454371369fc0a42f3d7e599dd822a7cb5d4080313319a505642533b9331830c5b648673916966c7621b4b4cd08991aa9935479f3d4cf9f38bf72583a4d2a9e3f0552f6db9cef35acc1716e23ef8506d4661d85d100968fac6400a2493c636dfbfa99e90d1ab3aea024343cb02daaae174b9403833f416f225cdb9abcae53a8963a8f97a7997c4db346817b9ab46eaf8461b8f686deda82aaa8d0025fe630bb88e81c34ad45c2810dabecb40bc254de0cfcf919393722f11ce40f3fb53d6f2bc0ba911d02057809c0167492cd449ec60661190482d78a766c201752759ae960388405160acfb9f4faf3db40379fe22c2f7467e0561e9a672afa7dd04a976f4a12d55e10084e1e6d8bcb847263c1661c6bb578dac227d22ff29f7913356249c468b659079dd8d9783a4daeef3d1edbd286eed71347a25c9f425ab5a76067c5f474eba1961e4a6d26dd5420b9da2b2e29b771c554aa476f06e499d6c2eb4ef2638879a67ea236a5c639808bb98b31ceac8ebf878a2b6c4dadf99d20cba03eb4aaf400cf6cb7c3ed972776ffa57ba7604a47b10dbed836ee15b1267ad78c9640a6469cd81dc34f8daa4fba605af3afb85f6bfa8d1e00a0d7247248d9a803c71f8506274e09ff49acce3b7e3bbde4b3a57b5d6cbb9c9c9c87ed409560c6a8c2f05789027bbd75691f31b67a725eebfac693dfb56f83a460a51b4ed6038cdfb6b4cf9056ac4e260886afd39a7000cbcc767945e0d227708d1c2a254af57b81da17d700c25723ad9e91e6b6d4051ef8c471fe9b4dcfd6715bb35e5aea6806c2c992eb2b630d0235c5fec9d5630b9b3737f4d5a1b85a399af8edfd2dc0243fa0f5b7f27f0af2fbe46afb8e3462e3749b0df6cdc0d909e7b1cbebbb2a6ec444ec93729462d716b090c1c8b3dfbe51fdc439595e4e487ab3417753164699df29f2a6359f5faab7d95bb76c9ad722849eb7019d150c6422a91e59df3a0e505cb997671db44a05d38a38c45f8748a67599c5be6536c09a3ad13930b8df2b1708f86c386c4ba5ecf4533618da4b23c200fb7b177284c93209029c5ffbc9da868cd2452cb65f8bebfa0cc966e1b2c72b8a0f5f2494b1bc896fd57548f9a393d2ca253e2af84733d6fde43ce886ec4099ddb2b010901e3819d6ea0b2804fe06ce268ab9e234aa829053daa63b50be42263aafa6b4f5c26f83535310c02d19b443434632a68207bb0fc86277a95679c8b24287f1171213a7f7e5b513c69afe2dbd8628d6e4d26f8419d097b09b3415f8d94e0163c875f98339ea6e52fd611b1e8555b2558a3dde39ffde990daeae206a7753a95510cffd1114ff5220bace4124bdf57fedb975259eb2e2d4efc41018ca9a09d7eb56039c63c1800ee676724924796225d87a5959378006e29526d7d0461acc849fcc82a3fcb39bcc8a142e8b61ae999d81cbbdb921914fcc5219fa3b744ae180820d7c124a090a0abda09b53fb90c39dc66eb9aae90a835f2f22073511cf80bee8e39645a3ef738a70b4c5d771a1607675b0781920b3d74c431a59cb78892d12758076046ff214083b4b469f8455b30a665b7496190bd1796ba77000a424440f12b92fd7e89d2738ef93d38bb4be2dc46218ee12e5ff1b8353b5ad41c222dc7efd48d36dad43f051f373f98f0060e010daf6b3916c803c102451b7367e1a209cfa5a6fdf8694296991ebabcbf08eb704af1d134f080400e3bd2c3902a40822808dd47735fea89aa490db8f4a778edef67b6dfa66638a8220c0bf3a41f77677365f21d8a791b2434869e83d1e7a1544bf2ad55bd25ea49ce783f6af05bdf63d50af1ee0ca2d544a6e262154089bc10478e79fc1c6281d9332cf1d27d40a713a994c3b957a4513dbcc9fd7f1324c2ab7ece7452f4c22a842a9a35afff99982aceb9df835315b29b6639c4ed43452055b724f3bdff1f05a0eed7f2d0e0dbb1e55023f0b1d211f88e156b2554b03d37e59822a0af053bee6815421768014258260dde50237263cbce916bb58a3b41ff8ad865121f365fe011ea68d44224bb53b1086c5c0c91324bfe35ce0516b7b89b16053338c622adf4ef6a102f855647e3316b81bb120bb36edc924ba581a56c02a20f97550340b5fdf304b3fd4e17823c59032bee1677da04df8e51e31ca58d74d28ccc08d001297604b40f708189795cdcea9dffac27cf74df6cd924237c3b3a3662b0a14448f7d00393a22363a1e9295a8efceeb2c2587a81c89b931565c5d6c970313a584cd0a4c0670e367b8475d18af57b969f91c0fce64dcbdc1e6619833202ea74ba166d29ae6088d968a488f3385dd7fbb4e1a0b0a54bc8e0a70f9ae8eac2b70e8a5f62ba2d80078c99a6cd3642d4265c050a44322710218e74e01c58608e68e5d2b57ea13f93c3105242c3d3d1b2306d7365358120949e1d3d3b691683576e24a56d22f06294f0460520fafddb0730c63545ac80687e644d6740a22ac0788c109d406ba42711cda5799ec899ca91e4248bde14f402123cf3963e1e903d66b397282c3fdec6e1d36d5784872f7ea2327206c86b6c0d9ed3ca2c419264cd26db6e339ca810831b3e9db44ebdbd633f40f814a432817b4da05a180b1ad719c145db9519fb019c8ed38e3835dc2c4a2f634fc4d267f5d9460692086326c91d7ca2d154c47b09ca5e8c36cd79457d593cf4d9805decb2cf90c39d1af161983ac6d7d31717627ae3d23c9b5ee8b6ae917e8570662eb1a077f77e879fbe6879b511497951c734c85dc145d18e0e794626196dec39e76719077957b1549762198bf5a5ed6d926bd56ff8876efd19ec4e67a6471ff6b765b005ceba44f74358e095fea7e0cc71331496aa96cd4faa99c8379ec9af82010b393692c758e1bb9e537230a4035bebbf26de6be67e175191cf99aac3bf285a783e1495e6e9240f1f9d35b1daf895b4bd5ad71dcd58207425c4cf4ee2ed7ae60b84a2cec0bf43205160cdfa944438caa125852f4aef729a4773db44b05b53701eda8fee71f034c5aaafb916373450ee496ca9e9b6871c81c002b3ba7b4ef823395a75a483afb308b47cdf0ade3822772eef4572b4273f041bbb2737b58a967091e4427f65520023be801ec3b9debd36d37107862efa0c158ff36e30a8e80a11c31b15299e6337a792ab49118d2802a711167a9053c055dd8a9a7662f15acf0e43112138d82f7e9801d6111eb5d27f597293310d5a54ebc57a9ab4bc5baceb10a35b24b8390bad6b02f957a0839b6401a24bccfaa3199ba48f6f05a29d1768906cdfbb7d8924ba8068152707ce692d4a4bdad304dbec0a1f0dfba56678103e413425d93b6b3599c39ee53c5b5f7f2ee58b32966f743a5e0bba1bf2b11f1f224dbfa438c122e12d902b85da8edbd887934ee4bc635bc874bbf52851eb883dfcbb5a560b7db3e3c9aee68d298f29afeba033bd75b34137fe70c618bc2002f2dd55f8a93ce6cccd3259db347d6d134aa392722e73150e9e88dc5008af82127db1252cacb70e18365d32deac701001fcad861b8e7aa15f6bdd7d24ebe73eeb0e85ef59e1a63e2d6db1b776c5614d360971328827e35dd3361735469355968f1b0030fae98bb094fa12533e2facfd35ad741fd8011c6989c71a26b22912c58cbd83cc1ba9c424abf7b0fdbd1a65ab900baad366dcd842ec873da6cfd0bc6f26c42093fb50a98e48d32f6300a3fa4c4644817156cbd07009badf328cd683060be280391fc2c45dc855f5fc5e2c4c96b47a0be1739e101e403933bf60c42f9d4e0433ffd1627aa24d80d893582ada2ce41ef1ba163174d8d5d458ee73b5dc0b7ca395f725d58b367385584fd0931350643bbd7e7a7ed887d53f687acdb7792dc866bac16d011ce5054263338c091ee6b6636bfa92d6956e9635b81d359267ec5ffa1fe7e09032fd51127491fa04f5c5770d85b3de9e535b656d72cd739efc16d8cd7a0316caa649b0d45ad6b565560e754d52d3a20170b9aaa00fa147ad6054e640bf383aee2abacdc06eacd2fc3aa0ed8f6495e2953917e401d53b98347d56055f19ede48715b0716b1f3f7ce0ee7141a61e93272c5d03e23498a9feb46055f9315425cc7b83097bb626e22be37607a170e32385ecbc677663fa846b64ceeaad1c0b78c12e1b9943faba9bd588cbfd067c4f7edaa466558e579fe68ffd90523c225f26dff06de00e6f97f6d3af113b8bab892029bb450070d191126bc244337087897c23b340fa6802d093ffa745550650f909a6296577ae79fe595bdef5a724b31fc6519d5349515fe39eab5e22909b4b9a53a45644743450833aaab625f8b854627e5c1a84202998c64e01f00b10617b5fec328adfb4e739b1abdf64e8698c26737e80591089ef08d3ee4eb8be615193c6dac7b4908926aa3e9398b93a25ae737ebd7689d4678596b84b00f982b3607791a114c8e5e8e788a065d2d1777e8d41d7187db2ddf2fef488d6d9aab295036e512d26e9e50cd095ddd90b3ea803c5253dfecc4911675f2661b89ed00f5ff558f072549a70082080a18a6b91f7f2c2270f4bcf8333af29bebb9f8a894ad797bd94b6f2b060769beea123cd57b61c1d0be5a8e2ee180e5665cdf03fb759f9ad7b69fc1a34d281349bc230582f4594593a4fcb6c21cbb2f7870d5783360adac5166d35f7c675291da94d5653876a9e333142bf29308cb7f98d9f53cebd06893476d2ddfd35a2595f911294057b1ed3771c3dccee4e6fe5f74b6c3db4fd4b9fccf821055416c8a6bea8260881b5a41e5b707aa66bf9b2e19c9a3b38988e7fb13334275d5ccae53ad4f7642beafd105a81da7ba86bbb1195bd425e55cb29e0edcce015791aed6b87930e95cf8339fe99d6c2a78c1c51a4b2cd3f42afd546df969329bb1f940661f6683562f9ec1c2715be0e45d5f96a4ae17340bf1e6b5a033899e1ba36782d8715e3c168b954eadf4409ebe3613175b9db2dc2d0cd06445f578d012e6a959e558e7150ea39540da20616b9f32b2b36cd157cef3698b8242c4b10a9b82a70d2775a0a976d9d54148946fc253d4d2565a78498b5a0200665c2f54abd516c7a6e30fc898aa00b1613f07711bdf2f6903e2f0a5c2f24123c4bd024237025e4f653c61d5ff5a4c81baaa57052ecbe73a2a85f1905a146d167a3454069f6c41ffdb06ee6311fd5e6efbd87380595b38477e1eb0ed29b45661cf50d72d6e1c7ad324b6ff8ce6eed3db9b3936c133f5f96d32a765b9066fde487429b4f2c9c9d6e41acdbca5c0bd3db69106c8e0911e732a9686ee68d208062f36ed0878d4fb05a9ddf52326914a592efe3d9917a70f938e9551f86096b9741630680e3b35a19094a"}}}}}}, &(0x7f0000000000)={0x1, 0x3, [0x595, 0x31e, 0x40d, 0x16]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000080)={0x40000, 0x0, [0x0, 0xbc3, 0xfffffffffffffff8, 0x16c, 0x7, 0x6, 0xb34, 0x2]})

22:03:03 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x806000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:03 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:03 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000080)={0x20, 0x2d197ab1, 0x2})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)

[  600.209250]         reason=80000021 qualification=0000000000000000
[  600.221338] IDTVectoring: info=00000000 errcode=00000000
[  600.226887] TSC Offset = 0xfffffebcb0b9ab32
[  600.231234] EPT pointer = 0x00000001ce5a201e
[  600.299886] *** Guest State ***
22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:03 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000380)={'security\x00'}, &(0x7f0000000080)=0x54)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3, 0x100000000000000}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000040)={0x3, &(0x7f00000001c0)=[{}, {}, {}]})

22:03:03 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  600.324933] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  600.358274] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8100000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  600.390055] CR3 = 0x0000000000000000
[  600.407453] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:03 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x543, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  600.434143] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:03:03 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000000)="43e5000f35410fc769ac66b880000f00d0470f011e0f082e2e3e0fe933b9ab0200000f32430f320f01b000500000", 0x2e}], 0x1, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:03 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  600.477258] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  600.507176] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xe80, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  600.522314] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:03 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x0, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  600.562550] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  600.568489] *** Guest State ***
[  600.578960] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.588793] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.597690] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:03 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8847, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  600.600419] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  600.606068] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  600.624703] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.642220] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  600.663501] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.673361] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  600.678805] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  600.686079] CR3 = 0x0000000000000000
[  600.697568] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  600.699167] RSP = 0x0000000000000f80  RIP = 0x000000000000000b
[  600.716127] RFLAGS=0x00010086         DR7 = 0x0000000000000400
[  600.722667] Interruptibility = 00000000  ActivityState = 00000000
[  600.723125] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[  600.736401] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.736987] *** Host State ***
[  600.748086] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.748707] RIP = 0xffffffff81212aae  RSP = 0xffff880186f1f350
[  600.756477] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  600.762819] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  600.770572] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.776904] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  600.785110] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.792747] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  600.800917] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.806629] CR0=0000000080050033 CR3=00000001ba88a000 CR4=00000000001426f0
[  600.814832] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  600.821662] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  600.829964] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.836409] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  600.844648] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  600.850505] *** Control State ***
[  600.858832] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  600.862057] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  600.870229] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  600.876710] EntryControls=0000d1ff ExitControls=002fefff
[  600.883465] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  600.888655] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  600.896464] Interruptibility = 00000000  ActivityState = 00000000
[  600.903528] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  600.909623] *** Host State ***
[  600.916121] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  600.919692] RIP = 0xffffffff81212aae  RSP = 0xffff88018c1bf350
[  600.925960]         reason=80000021 qualification=0000000000000000
[  600.932358] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  600.938312] IDTVectoring: info=00000000 errcode=00000000
[  600.945108] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  600.950183] TSC Offset = 0xfffffebc056e4351
[  600.958310] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  600.962379] EPT pointer = 0x00000001d2b0c01e
[  600.968585] CR0=0000000080050033 CR3=00000001bece6000 CR4=00000000001426f0
[  600.980535] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  600.987258] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  600.993372] *** Control State ***
[  600.996834] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  601.003523] EntryControls=0000d1ff ExitControls=002fefff
[  601.008983] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  601.015948] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[  601.022687] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  601.022786] *** Guest State ***
[  601.029264]         reason=80000021 qualification=0000000000000000
[  601.029270] IDTVectoring: info=00000000 errcode=00000000
[  601.029276] TSC Offset = 0xfffffebbe0766ed7
[  601.029285] EPT pointer = 0x00000001c104c01e
[  601.040590] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  601.049472] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  601.071053] CR3 = 0x0000000000000000
[  601.074832] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  601.080816] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  601.080832] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  601.080844] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.080862] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.087597] *** Guest State ***
[  601.093605] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  601.109584] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.114243] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[  601.132115] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.143593] CR4: actual=0x0000000000002060, shadow=0x0000000000000020, gh_mask=ffffffffffffe871
[  601.146152] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.155030] CR3 = 0x0000000000002000
[  601.163126] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  601.174476] PDPTR0 = 0x00000000322b6001  PDPTR1 = 0x000000000b146001
[  601.174495] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  601.189260] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  601.190194] PDPTR2 = 0x000000001c719001  PDPTR3 = 0x0000000001a3d001
[  601.197391] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.210510] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  601.217776] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  601.218269] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  601.225330] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  601.237870] Interruptibility = 00000000  ActivityState = 00000000
[  601.242074] Sysenter RSP=0000000000000f80 CS:RIP=0050:0000000000002810
[  601.244226] *** Host State ***
[  601.250910] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[  601.254246] RIP = 0xffffffff81212aae  RSP = 0xffff88017e0f7350
[  601.264040] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  601.268153] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  601.280851] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  601.282695] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  601.290937] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  601.298903] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  601.306748] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  601.312458] CR0=0000000080050033 CR3=00000001ba88a000 CR4=00000000001426f0
[  601.312473] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  601.312484] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  601.312488] *** Control State ***
[  601.312502] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  601.320720] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  601.327595] EntryControls=0000d1ff ExitControls=002fefff
[  601.335519] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  601.340430] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  601.344052] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  601.350585] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  601.358847] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[  601.364121] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  601.372438] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.379090]         reason=80000021 qualification=0000000000000000
[  601.387422] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[  601.393802] IDTVectoring: info=00000000 errcode=00000000
[  601.401794] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  601.408402] TSC Offset = 0xfffffebc056e4351
[  601.417080] Interruptibility = 00000000  ActivityState = 00000000
[  601.423175] EPT pointer = 0x00000001d2b0c01e
[  601.429210] *** Host State ***
[  601.442904] RIP = 0xffffffff81212aae  RSP = 0xffff8801c64bf350
22:03:04 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x101000)
ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000100)=<r4=>0x0)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000180)={[], 0x1, 0x0, 0x12000000000, 0x1, 0x7ff, r4})
syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x8001, 0x101080)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:04 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:04 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x0, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:04 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x5c00000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:04 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
write$nbd(r0, &(0x7f00000001c0)={0x67446698, 0x0, 0x1, 0x0, 0x3, "25e636bfa5cbeab6179a352ad0270ea5f17423258a065f723382c011a378d99a8df17cc43900e1691835615c520b829be5ab3bfe7fb1d1ae5f0b5fa87583cab761415252f13b93ff3680b76dd9c6c8b742a39b69620df1bde10bafeb6d47efb19f11bbd2eedc22d073d14041620d7ff3ae14422baa2dfb749bdfb52f2303db47b1b76f2e54ee2bf0f8397ff6b480832c2626213dd5d357d3a129a9c940d50a25a6be789d3bf7b69ae901bca703979c18e257095f34832d3a5aeb293a19a2b3cd36645fbb1271e3c56950f45310274ec867ce80daf34b48d398b7cb0c641259c20eda41eb9a0e844998"}, 0xf9)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  601.453024] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  601.491239] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  601.506590] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  601.524210] *** Guest State ***
[  601.527613] CR0=0000000080050033 CR3=00000001bece6000 CR4=00000000001426e0
22:03:04 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x43050000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:04 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x0, 0x20, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  601.534847] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  601.543972] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  601.552627] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  601.562546] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  601.568729] CR3 = 0x0000000000000000
[  601.572647] *** Control State ***
[  601.580642] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  601.592792] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  601.599626] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  601.613127] EntryControls=0000d1ff ExitControls=002fefff
[  601.623806] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  601.637863] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  601.649630] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.670951] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[  601.678209] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.681834] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  601.698161]         reason=80000021 qualification=0000000000000000
[  601.704737] IDTVectoring: info=00000000 errcode=00000000
[  601.708842] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  601.710274] TSC Offset = 0xfffffebbe0766ed7
[  601.718629] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.722923] EPT pointer = 0x00000001c104c01e
[  601.731427] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:04 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = fcntl$getown(r3, 0x9)
r6 = syz_open_procfs(r5, &(0x7f0000000080)='net/sctp\x00')
sendto$llc(r6, &(0x7f0000000400)="ba7122ec45db4e39ea9302159d6eea17ccf5a531792ba6a4dc25b20f7db22e553be5fd2de8b0d02d566cb535b86661817e8be106e4f40ce7f20da5b76109044207dfb2d7140fe13099fbd3b022efd74d90cfed65762358e5a5e542f8783c53dcb719a16eccefd3179eac647c1c10551209a13c886c8191c40e471be09c69326473ffff1bc68c36c319315c7f86f1f314dd8ab7946d587aa1ce03efe924987bc4f76c95b25fecf5b4f8a409c2c08f5de903c74de0", 0xb4, 0x0, 0x0, 0x0)
sync_file_range(r1, 0x8, 0x80, 0x6)
ioctl$PPPIOCSFLAGS(r6, 0x40047459, &(0x7f0000000000)=0x40)

22:03:04 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x800e0000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:04 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:04 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  601.747325] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.755677] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  601.763947] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:04 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x86ddffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  601.792583] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  601.805129] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.824522] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  601.832350] *** Guest State ***
[  601.843490] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  601.848819] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  601.861867] Interruptibility = 00000000  ActivityState = 00000000
[  601.867094] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  601.877232] CR3 = 0x0000000000000000
[  601.881577] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  601.887984] *** Host State ***
[  601.889072] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  601.897525] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  601.904559] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.906465] RIP = 0xffffffff81212aae  RSP = 0xffff8801874ef350
[  601.920375] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.928588] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  601.937134] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  601.937660] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.951454] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  601.955072] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.962972] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  601.967909] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  601.973664] CR0=0000000080050033 CR3=00000001ba88a000 CR4=00000000001426e0
[  601.981424] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  601.988854] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  601.996633] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.003588] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  602.011257] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  602.017778] *** Control State ***
[  602.025522] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.029331] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  602.037030] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  602.043966] EntryControls=0000d1ff ExitControls=002fefff
[  602.050129] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  602.055842] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  602.063118] Interruptibility = 00000000  ActivityState = 00000000
[  602.070154] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  602.076357] *** Host State ***
[  602.084175] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  602.086346] RIP = 0xffffffff81212aae  RSP = 0xffff8801bc7a7350
[  602.093216]         reason=80000021 qualification=0000000000000000
[  602.098999] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  602.105559] IDTVectoring: info=00000000 errcode=00000000
[  602.111756] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  602.117528] TSC Offset = 0xfffffebb5c2a8937
[  602.125148] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  602.129878] EPT pointer = 0x00000001bd71701e
[  602.135372] CR0=0000000080050033 CR3=00000001c2c82000 CR4=00000000001426e0
[  602.146880] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  602.153688] *** Guest State ***
[  602.153715] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  602.157392] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  602.163186] *** Control State ***
[  602.172727] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  602.175732] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  602.184981] CR3 = 0x0000000000000000
[  602.191325] EntryControls=0000d1ff ExitControls=002fefff
[  602.195324] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  602.200533] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  602.207091] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  602.213709] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  602.226425] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  602.233190] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  602.239905]         reason=80000021 qualification=0000000000000000
[  602.239968] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.246692] IDTVectoring: info=00000000 errcode=00000000
[  602.254372] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.260134] TSC Offset = 0xfffffebb321ea705
[  602.267859] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  602.272561] EPT pointer = 0x00000001c819801e
[  602.280245] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.293426] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.305701] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.314080] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  602.323407] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  602.331437] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  602.339478] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.347781] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  602.347923] *** Guest State ***
[  602.354795] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  602.358461] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  602.365132] Interruptibility = 00000000  ActivityState = 00000000
[  602.380228] *** Host State ***
[  602.380242] RIP = 0xffffffff81212aae  RSP = 0xffff8801874ef350
[  602.380263] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  602.389497] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  602.396318] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  602.403721] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  602.403734] CR0=0000000080050033 CR3=00000001ba88a000 CR4=00000000001426f0
[  602.403748] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  602.403759] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  602.403763] *** Control State ***
[  602.403771] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  602.403778] EntryControls=0000d1ff ExitControls=002fefff
[  602.403790] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  602.403798] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  602.403806] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  602.403819]         reason=80000021 qualification=0000000000000000
[  602.415901] CR3 = 0x0000000000000000
[  602.432068] IDTVectoring: info=00000000 errcode=00000000
[  602.433302] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
22:03:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

22:03:05 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:05 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:05 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xd000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:05 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@mcast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6}, 0x0, @in=@rand_addr}}, &(0x7f0000000040)=0xe8)
connect$packet(r0, &(0x7f0000000080)={0x11, 0x0, r4, 0x1, 0x2, 0x6, @random="42c5dcb25b3a"}, 0x14)

[  602.438400] TSC Offset = 0xfffffebb5c2a8937
[  602.438411] EPT pointer = 0x00000001bd71701e
[  602.441943] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  602.454667] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:05 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8100, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:05 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  602.612845] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.621212] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.629730] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  602.638821] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.651625] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.660497] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.669891] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  602.678445] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  602.687253] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  602.695735] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  602.703873] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  602.711220] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  602.718786] Interruptibility = 00000000  ActivityState = 00000000
[  602.725197] *** Host State ***
[  602.728514] RIP = 0xffffffff81212aae  RSP = 0xffff88018816f350
[  602.734774] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  602.741173] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  602.749066] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  602.754990] CR0=0000000080050033 CR3=00000001c2c82000 CR4=00000000001426e0
[  602.762083] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  602.768753] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  602.774833] *** Control State ***
[  602.778288] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  602.784970] EntryControls=0000d1ff ExitControls=002fefff
[  602.790434] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  602.797393] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  602.804118] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
22:03:05 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2020080002000000, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = dup(r1)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r5, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3ff}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x4000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:05 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xfffffffffffff000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:05 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb, 0x7f, 0x0, 0x85, 0x20, 0xffffffffffffffff, 0x7fff}, 0x2c)
ioctl$int_out(r1, 0x92c1302fc8d200ff, &(0x7f0000000100))
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:03:05 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:05 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  602.810679]         reason=80000021 qualification=0000000000000000
[  602.817026] IDTVectoring: info=00000000 errcode=00000000
[  602.822493] TSC Offset = 0xfffffebb321ea705
[  602.826797] EPT pointer = 0x00000001c819801e
22:03:05 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  602.898863] *** Guest State ***
[  602.902347] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  602.917556] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  602.933230] CR3 = 0x0000000000000000
[  602.937377] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
22:03:05 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:05 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x5c00, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  602.952172] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  602.967857] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  602.987424] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:05 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  603.014051] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.022857] *** Guest State ***
[  603.026162] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  603.039396] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  603.054737] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.074823] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  603.087292] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.096714] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.106898] CR3 = 0x0000000000000000
[  603.110703] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  603.117289] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.125578] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  603.131712] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.139805] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  603.139820] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.139840] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.139860] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  603.139878] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.146752] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.163512] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.178771] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  603.188821] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.194900] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  603.201577] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.209341] Interruptibility = 00000000  ActivityState = 00000000
[  603.209345] *** Host State ***
[  603.209357] RIP = 0xffffffff81212aae  RSP = 0xffff880181497350
[  603.209378] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  603.209390] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  603.209402] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  603.221215] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.225757] CR0=0000000080050033 CR3=00000001c2c82000 CR4=00000000001426e0
[  603.233478] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.234470] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  603.272527] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.275529] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  603.284450] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.290183] *** Control State ***
[  603.290193] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
22:03:06 executing program 1:
socketpair(0x11, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:06 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:06 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  603.290200] EntryControls=0000d1ff ExitControls=002fefff
[  603.290214] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  603.290222] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  603.290236] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  603.298846] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  603.304320]         reason=80000021 qualification=0000000000000000
[  603.304326] IDTVectoring: info=00000000 errcode=00000000
[  603.304332] TSC Offset = 0xfffffebaa0de6a2a
[  603.304340] EPT pointer = 0x00000001c0c8c01e
[  603.312754] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  603.329299] Interruptibility = 00000000  ActivityState = 00000000
[  603.404922] *** Host State ***
[  603.408156] RIP = 0xffffffff81212aae  RSP = 0xffff8801c548f350
[  603.414209] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  603.420630] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  603.420642] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  603.420659] CR0=0000000080050033 CR3=00000001cdbff000 CR4=00000000001426e0
[  603.441874] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  603.449268] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  603.456759] *** Control State ***
[  603.460226] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  603.467035] EntryControls=0000d1ff ExitControls=002fefff
22:03:06 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0x6, 0x30100)
getpeername$unix(r2, &(0x7f0000000200), &(0x7f0000000180)=0x6e)
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000680))
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000400)=0x80, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f0000000500), 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
fstatfs(r4, &(0x7f0000000440)=""/168)
r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400000, 0x0)
write$binfmt_aout(r5, &(0x7f00000006c0)=ANY=[@ANYBLOB="07018d014b4e8a5953ddc0753c020000940000009f050000d302000004000000000000000000000088111defbe0e7274354c321b6fad1ebd9f08fa0e442e3d805b7968239fb3db1bdbd6da"], 0x43)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000580)="67f3400f2b5e4c0f2098660f38806d3f2e3e0f30c7442400e0230000c744240206000000c7442406000000000f011424c4e1a5fcbe080000000f01dff2ad400f01c8430f2055", 0x46}], 0x1, 0x2, &(0x7f0000000640)=[@cr0={0x0, 0xa000001c}, @flags={0x3, 0x100000}], 0x2)
getsockopt$inet_sctp_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8)

22:03:06 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:06 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x3580, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:06 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
getsockname(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000100)=0x80)
setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000200), 0x4)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000480), 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000080)=0xc)
r5 = getegid()
getgroups(0x2, &(0x7f00000000c0)=[<r6=>0xee00, 0xee01])
lsetxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000400)='trusted.overlay.upper\x00', &(0x7f00000004c0)=ANY=[@ANYBLOB="00fb2e0374e1af261639dbb4ffa570228244eceb260864cf7802105269ce41ebdadad0fdf7f538a3514a5b099335b38a000000000000"], 0x2e, 0x3)
setresgid(r4, r5, r6)

[  603.472587] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  603.479509] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  603.486276] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  603.492888]         reason=80000021 qualification=0000000000000000
[  603.499215] IDTVectoring: info=00000000 errcode=00000000
[  603.504733] TSC Offset = 0xfffffeba905b960a
[  603.509059] EPT pointer = 0x00000001b986201e
22:03:06 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:06 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  603.576255] *** Guest State ***
[  603.590835] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  603.612267] *** Guest State ***
[  603.613155] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:06 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  603.626192] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  603.634823] CR3 = 0x0000000000000000
[  603.652750] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  603.653184] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:06 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8906000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  603.673180] CR3 = 0x0000000000000000
[  603.677152] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  603.677602] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  603.703000] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  603.704417] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  603.709807] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:06 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[@ANYPTR64=&(0x7f0000000b00)=ANY=[@ANYRES32]]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  603.725432] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.752227] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  603.755883] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  603.760410] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.781430] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.789874] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.800602] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.809473] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.818580] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.828221] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  603.836643] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.845185] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.859190] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.869867] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.879452] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.890097] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.900747] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  603.908479] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.917742] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  603.932277] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.935836] Interruptibility = 00000000  ActivityState = 00000000
[  603.946961] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  603.947146] *** Host State ***
[  603.958651] RIP = 0xffffffff81212aae  RSP = 0xffff8801866c7350
[  603.966137] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  603.966250] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  603.980894] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  603.986219] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  603.989077] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  604.001449] CR0=0000000080050033 CR3=00000001d8109000 CR4=00000000001426e0
[  604.006132] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  604.008905] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  604.023120] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  604.029280] Interruptibility = 00000000  ActivityState = 00000000
[  604.029296] *** Control State ***
[  604.039445] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  604.043278] *** Host State ***
[  604.046487] EntryControls=0000d1ff ExitControls=002fefff
[  604.055031] RIP = 0xffffffff81212aae  RSP = 0xffff88017fd7f350
[  604.061460] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  604.068243] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  604.075523] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  604.083773] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  604.090552] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  604.097559] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  604.103764]         reason=80000021 qualification=0000000000000000
[  604.110210] CR0=0000000080050033 CR3=00000001d8fc9000 CR4=00000000001426f0
[  604.117645] IDTVectoring: info=00000000 errcode=00000000
[  604.123478] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  604.130282] TSC Offset = 0xfffffeba43022150
[  604.135045] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  604.141222] EPT pointer = 0x00000001c1ec601e
[  604.146103] *** Control State ***
[  604.152139] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  604.165228] EntryControls=0000d1ff ExitControls=002fefff
[  604.170829] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  604.178205] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  604.186384] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  604.194828] *** Guest State ***
[  604.198125] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  604.216491]         reason=80000021 qualification=0000000000000000
[  604.223310] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:07 executing program 1:
socketpair(0x11, 0x0, 0x2, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:07 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xf000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:07 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  604.232752] IDTVectoring: info=00000000 errcode=00000000
[  604.242377] CR3 = 0x0000000000000000
[  604.246113] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  604.259814] TSC Offset = 0xfffffeba3f861acf
[  604.264616] EPT pointer = 0x00000001c6c5501e
[  604.269794] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  604.287936] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  604.301769] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.310052] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.322260] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  604.330329] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$bt_hci(r4, 0x0, 0x2, &(0x7f0000000400)=""/241, &(0x7f0000000100)=0xf1)
getsockopt$EBT_SO_GET_INFO(r4, 0x0, 0x80, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000000)=0x78)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:07 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[], 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:07 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x608, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  604.338980] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.349480] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.373184] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  604.381590] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  604.404077] *** Guest State ***
[  604.405789] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  604.415160] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  604.424367] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  604.433945] CR3 = 0x0000000000000000
[  604.437800] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  604.446468] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.453760] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  604.455658] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  604.467139] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  604.473942] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  604.474546] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.481718] Interruptibility = 00000000  ActivityState = 00000000
[  604.490143] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.496570] *** Host State ***
[  604.503994] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  604.507305] RIP = 0xffffffff81212aae  RSP = 0xffff880187dc7350
[  604.515236] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.521771] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  604.529331] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.535898] FSBase=00007f0848ae7700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  604.543793] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.551905] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  604.559628] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  604.565951] CR0=0000000080050033 CR3=00000001d8109000 CR4=00000000001426e0
[  604.573632] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.581001] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  604.588741] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  604.595763] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  604.603556] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.609725] *** Control State ***
[  604.617589] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  604.621443] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  604.627526] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  604.634786] EntryControls=0000d1ff ExitControls=002fefff
[  604.641699] Interruptibility = 00000000  ActivityState = 00000000
[  604.647414] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  604.653458] *** Host State ***
[  604.660600] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  604.663655] RIP = 0xffffffff81212aae  RSP = 0xffff88018cf17350
[  604.670345] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  604.676396] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  604.683533]         reason=80000021 qualification=0000000000000000
[  604.689376] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  604.695920] IDTVectoring: info=00000000 errcode=00000000
[  604.703631] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  604.709431] TSC Offset = 0xfffffeba43022150
[  604.715067] CR0=0000000080050033 CR3=00000001cd9f8000 CR4=00000000001426f0
[  604.719711] EPT pointer = 0x00000001c1ec601e
[  604.726414] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  604.737576] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  604.743803] *** Control State ***
[  604.748133] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
22:03:07 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0xfffffffffffffffd, &(0x7f0000000000)=[@cr4], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {}, {}, {}, {0xf000}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:07 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:07 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[], 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:07 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  604.755486] EntryControls=0000d1ff ExitControls=002fefff
[  604.761048] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  604.768134] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  604.774972] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  604.786110]         reason=80000021 qualification=0000000000000000
[  604.793033] IDTVectoring: info=00000000 errcode=00000000
[  604.798572] TSC Offset = 0xfffffeb9d365d3bb
22:03:07 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  604.803103] EPT pointer = 0x00000001ba53b01e
22:03:07 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[], 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

[  604.839915] *** Guest State ***
[  604.851125] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  604.863942] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  604.873123] CR3 = 0x0000000000000000
[  604.877598] RSP = 0x0000000000000f80  RIP = 0x0000000000008000
[  604.883716] RFLAGS=0x00010002         DR7 = 0x0000000000000400
[  604.883733] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  604.883747] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.883769] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.883788] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  604.929199] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.937380] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.945663] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.968000] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  604.985006] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  604.999049] IDTR:                           limit=0x00000000, base=0x000000000000f000
[  605.008460] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.021381] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  605.027993] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
22:03:07 executing program 1:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000240)='/dev/snd/pcmC#D#c\x00', 0x6, 0x200000)
ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000280)=0x8)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$inet6_udplite(0xa, 0x2, 0x88, &(0x7f0000000200))
setsockopt$inet_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x2, 0x4)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000100)={0x6})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000ac0)=""/131, &(0x7f0000000b80)=0x83)
socketpair(0x2, 0xb, 0x9, &(0x7f0000000a80)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r4, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r3, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
socketpair(0x8, 0x80007, 0x2, &(0x7f00000001c0)={<r7=>0xffffffffffffffff})
io_setup(0x4cf, &(0x7f00000002c0)=<r8=>0x0)
io_submit(r8, 0x8, &(0x7f00000009c0)=[&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2, 0x4, r0, &(0x7f0000000300)="626d282761e055850e78dc8bda4b2f6154239a2c46c72634c3dadedd83d053a7315c3322c4b9e07025fc93aedd7c5bb3ee1a2b80fe338a328be2ee7ffd6cdabd2f13344f2ab286f40565db1116613601de05c1d93e6216120d12191cde312ab05293684f70856977c3b6963905b98e77711b28ad4162ef8373c03733fe2faf54c819c507da7637c66f9fd16913df839a2985add57648c1fa4e643fa529cdcd525b0ec0b6ae9aeba25b42a999d205d599667804e58e7594b86020", 0xba, 0x8, 0x0, 0x0, r0}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x2, 0x0, r4, &(0x7f0000000400)="0bde7349918ce298b6e1493e0d343234d1435e3061fa4bbd699c3b0918512edf15321b49b820976549805a86d7504d3129b2b05dc00dbe092f68ac9751fe860a7f6a4089093bb337760485480308f0d190a68339a5a69f472e782364cf80249bf04594d4bb6ecf2b66a888c0c647dd395a3f1f2441102b87488f40267e580d81470233a9372ecbe7b31609705382d3fc3f0505bd4ba8e326fb7dbd892d6804251d8482a4a2f5f1764b55e5c1b937f8da087b58762660db3c9cee2964ee9e70128dfb98f3ceb0533a1775", 0xca, 0x3, 0x0, 0x0, r5}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x100000000, r1, &(0x7f0000001580)="fd784ee21b224442af86e2f57c609d005c5c9fea3066346be06e4bda960288bd071ded4491e47fcb8e867b06d9d6aa51bc92b88d4762a179cc81640ddac44c9825293dec57bb3c080a6a854a1e95bf3725e025b745a5216e7b698838cd2c114d094b4ee0626df522521eced1f70612df51920ddf328522c4016c1952946ad6bc8c830ff265886e3579642a5c977f8ea6bdabaacfe850b2174c7d087549613ed78bdc4aa294a67f6e629c87422114b9a532e2775e94edae19c36639c997298567f64e25eee6618ac8dffef5a8a035a4cef2a709d4dce5b7f60e92aee45815e0d8a977ac597723ed9bc513f09e59a9c26a9c4e76933776881d16c8ac38ed6023f12454b14a9339d30896c8f7556e17b6b2e78bf0c0fe43cf86a59e0a56b6b3949b2f0cb06803f56d0fe11735bb7a686c9c9c8ab816c93fbaf6135080ca6a187bd31f8ae4139b08185014b823bf4f845e1f9dfac3a3645ba1ca7d9e22e56bb1536a86cfe51204b712034a98983ae30d0ce71c4bcb429421380100c5675f5eda9fc8c09bd11a1364b9f4085f9d7a4ddf283f58c88d27439467836795ade27d2fe5d8271731821f3681dbc9fcdac983086a6e3f38739ca11ab0ffd9a325917dd44b30a9b82a7b6784be3fc0469fdf6f3671b4df1ab3f46e0afc7b0d73d2b01770610a777b67cf1bb91f12362db7eff4849d2968e99d2ab184a5359ef8bc27cc24917581a6beca150a72c8221c85f7e0d1861e6fe1dddfb2975ef08d186d9a4a608e0208cd4daaf7f61ed701fd1530b791ef308a59709f067408fa0a7a0b036ccea2831250bc6dc5a9f46c903e2bc7d17d0ba5d4178ab598341878d0a66fa53cfdb25b98ecdddfc6a99e50515f949e4608b1afc626ba15783922f27196732e3d6cca130409905d2713ecc6877ccb4035082c5c5a7929187db4de86766c6d773f9a784d6995b4e4e3809c72eeede0cc783c660ab94ccf772840a4fd455134a8f5955674ba8e18d60a973c021da7751d988fb39dc2b7975d018a49bfabd999344946f2fd38ee0c197ddd3f76df37d06a30a6161eb6224a4f20ced16b8f3fa30151325c2805b38c31d031f307d1263ade3b86cac358f90552b7c424362e5ce51d2166387d6d94d0c4413d603eef82c10dcfef2e80a911a12a8faeed2d6ab0e16e46986a98a836b3e7c3f410cd0efb1864ad2e383ed189e3f3e44ec60a353d761827f46e30f985611dee6c3cae41c8fcdebdf3af9ae788acdb23953043ef5bb64a51daa4e1bc768fbe0be5480409a752ed96a908669dbc205a9ce209001607463659b1db4ce63f8dc5219604f23e9a2cbdfc9db916482d391940844a191010d24c7dcba6edda9f5fd32e3a44ee95dd8c17b5027c72c085d1acf842983dc88407d4f83758743994d2abc2bb7f511f4854e61371864bc5c51650ade561a70c8d1a4d99157e3e36e8a56a85a1aa9a676a082709bba09b60794f2e4c8130ccaaf7b7b8b287b7737c83746cd77503e47cce3b5553921a179820893fce3db86db1c133d97e30f9a6fc11e1bde4afc1245b229fd5f2e3c1d3824660656b682aaec5cb22e5883ea4bae59053f9fe5616e927bb3557eaae12dd12d76514b54d5ccac7ae62473e4bf5b7673532a4d1426d3141048c6ddc410b2e3b2c16963214e0537f15aabebb392d1ab75a2ae503914e9a3e42ce17b36556af6370f425f9390fd598ae4069baaff95102250cffc3ded59c79a4af18552f7b6c1494b4d70c512cb585090cc9847f16807b50e2f8c0e40920b994c53cdc2593b3ed62ad4f5fa041f6be8cc094808cbfefe17aaaf9d049574f94ec59938aff20388b055fcdab2a9ff0ec9b12febc5f305a2a795059c588844e7420144f486624792b14e075f62035afbe1602859b46905306a43a061c0eb498a5822b637f954fafc84660028cb51a5063ff23f0084f0cc7860f7831965e6ffbd400a95e6b5302fcb3eae30abe238d44450dd856be232b8071e29ba651158b4c4d89bc32366dcc9fc8085fc252be70d8e12373d20546dab364ee13d98b43e1ef4e977958edf478fea39b4e0e33ca9b84d8b55af60c21954f35c58ee39136e8509e958dfd5c6949e1d9af003095f322c4f72fee01f2f91037e3a452c0bd5455365dd7f7a3738de6b43d9caa7fdac9e52028ffca1eeeb8717af27a27cee664938090ea49bd313aa2071d1a93ea7d1b62685f6639d75e31edfad7ead98e07ef1935ce78b3c70138d2f0dffb26489c5ec54cd27bf40d87a0da5d0dfebfa330767254f812fc16f6219255181cf5e7eb7db5c025c0cfc479fed385976db1e6a4364f81bb6c262daca9eb6d41d53dc4b2c72b1af28cb85ce522c77e802856ba80c2080a1281632be9d93ac3a1fb226ae40a833d0d80623a632f13c8b0aac6437114e3cbfa81f966b5c71a5cfac5547f41b5f2a7ba707d029692ae5d8ff7954d644ab3c33f0d0d45a41efea7279bda4430ee00b0ff01dccc495120b0160c53d172032563c9849dcb42fd274c64fa3a85d49da7d44c0796b3dca0a89e0e6781ae1029642462f6177e834468d4ebe7a02108f53a2c2ed153036c2b8ba52c2a1a56c952b7dc0c0f7f8e06da9d028e8cc1e5e034a59e3eda42384717b94e41c2f4e62da67e7ee198b8d0321b53c8c0bb4e1f44726c30e1b9a67da2b61173cfc216c63143cd4aad7f545ac499365e8bf73b5c1143263b1dcd6ae28ddd0315e6912e034d3615a03a07dc00c30a9cf292609d4ddbb572c6201406ff72792c4168db013f7898a229bf39e4e1cfb2dfdc0f11ac52f88c6446ca1d7201b5c18ea06c72f6eadeb1b0c7a764cfe855998e624772015370f28ef9d11864cb68cf9f708ac2412b5abc3a4e39bb33123915f0e9b976cfa690e3db06873c56a2111cb18c3b77d4c6c9b68df66cc56084a7549f4b395c75b578acae3cd9bded239f19949e9a79ca3257f046d8c1bbceaf6db50d65552c5aaf49eb17af0bfb107287171281a6e14c7e3a356b0276367eb6c52ecbf7eaec41cfb012c6a67eacb7a689a4954543e8893483d7f2fc1a2b76d8b744bd2f8e63ad94e294ab2cb1e656b28bb2930e486486424b2a78f4b4d1956b1b5fcde3110ddacb611283e81b2e1564a19e68aaf05203cec34d0a6ad81c2afd2104ce445e5dc2edbd2e59c8ea8ffd5ee0a3377749c1f85088480d1fb2f14a1eaaa02fcf75a936a9b20acba35460c1b40a1c180e8a9d2d821679fca17a34444da4a393406bac2c2535ddf948cf9bf696414ddea1947fb941ba73aed58880a20c6a2b79ab528ff7167bbb5d4766eac8f61656b22f42cfa9da002c70ee49e70291429ec1bb3974befb2057a145d99d8818018e662471a8fecdb26e4fe033a9c75270af63767ce166211ce20ab70a0ce95a566dcdda5e6c9a51f81436299d962a3bebf278802de3099129bd0421ce6d2ee30443eaea59a8b976e69a70b83c30745d8d29b4229a0a4a6677f1c8b7cff709dd82d5ad0fa605f30771df916480d3ff487ff46628653e7147412f7eec247f9acdb333789e077424f3318a7806473ee9c2f81701c36e841d0993af842aed1dd3d7fbaeb51561a4ad83dfc7aa06ab306184bfa70faa6f28eb0838883f1cb68034b6c6d0e4fb1b6deba5bed807b881b47dc6492129eeb240d1b2cd1fba79f2fa8257cef8cce51d497ad6c72c8305ac36d21d90a5b8f9a144221acd8e254106aeb26b61e10f4b7e7ba018b75ba6da010dafc12ef278209a404f8fb18e75d61d8a4cd86f213c9fee50a72fd8a9d8777d6a9090aff6b90737d42213fea75010e78abaca547f9113faf81660826f96c6dd9d1d9c9911a83f16b4580362fd497cb44ca3fb749fab5b03e789849ce3f33eed4dadce0c4ecc97fbe7d4a31a38861011377a89ec143aa910ee72f41f332c98179a57521271620601b5080688dcb729ed9ef174748c254a27f4c769330ca438fb8288ef37c992c6233b700e9662b0c535c09402222751fffd73f7af5642f21839e17d55bb95154359de5ba8d317a0f2477f125d69809873b0aa915afada3f6c6a3d182df8fdc8418f54f22ce093cfd7666eebdd3aa8b34297cfc63893c9309f764afb570ef4227bf8aaa1d6f6b0a47575f7a4f10f0d930c9f548109035f63fd57bf96b604e8cd8e2ee56623eb36f13f614560a6e66125fcd6e1af223f6e959af7ea1cfc69153bcb87b8f336b823b5706365b51f2a003619e815820b71b2de7d257b9e13abd816273c6a09a567a79afd4bd6a8043bd9292b039639cdb7506224a73b72657c6494678d1a809cb22355fb06467e5c95fc5bbcafbb2befa0f895f35a61fb7f9e29afc054715b3f5afbc3742f05600bc4e4d939cc1642e1ee28c73099340813f68950b63e6ebb38dfd42e1797d3ae318833331db87dd28c334b1ee83031420b746b4406f7cdb325097e052c8a3e1514dcad1329e63cd7d2f48a9a7a07c7f2aa844a53236b82d7fec0d3e6e620aa00c128f3f03de8e44f60aefe692529f2beed1238fc454d71074e29bdd956f7d91764afd0ceebd8a8bc2e4f6e3b9e753463f14b9f5ac740f8fb7cb064af9b48aa557ede7861b94728d1ab925efeb67e1327e311a220d05a37a53399e789fb0871540e35e7770478e49ae14f3f1f1867db6658faf4e0600025a93774086149ae6105c6e40d788e5fa37a030c49ea329824e2176e3d3c727008be8eedea74493ffd5d701e4984b2a8ddf6f7224e3ab1c1dcd36c5a907cd521a0b95c1a7438d86814bef428313261a5b163da6c0c6d46b1ef25c0a2eb3a35d2c1845a68ea740b8622a6b79799b56bfbbf37e631aeb701af122d4cde6f743664564a6e35a450cf3b9cc915d2d64a509662322e41b3eb1fc79effbc563d374a1b438d23774ff0b0a53b50276eaaabacf0dfcb0129682a439310060f6277125d3fcad59cc11f45a20c60129e99ffe2f29607318f46e10426e54301647301f35963e8fec75b36d373ae220536f0a5afbf25dc41a893fde4e0bb9e2759f60276a6eade078617417f815dc8824db920f0b641af48e9a50aa25933cb5e6edc1fd8004753da3327c2ba4d974d430c17a4572487f3143040cb6799c5de1009493571c11db1835e9ebd4b85876ae00f4583bc7f6b5a6e71ad7c98df14da793a59bc98bf7b264e16fec107748c2f4cbbbdfda7e9f0feb02452feddcf6c82a144e0465a09dd57fe92e2f522e7060f1df131b7a8404ca7383896fcd5ea0443b0c09f228c88be519b110370cb83f375d088ef8a5befc8edd0c06e963720e1e746c492b2b1a379a304d5802e94b481a825e2bd75a0f999179dca275b994d69ff0b96e8ec234d756e06f2622cc725d0e6052a58633edc3eb348adc5c55cfc666c0f176fedebfc312c2b6a666c53dcb9d303d62ac4ed4f4fa60d56f453e0f4b5c0b9ceed14e731af3d2cf94e55a5eb0489493ce73dd81f2818fe6c9125783861be3155af3775b15b2d26ae17c9c76f0b19ec46f0c039e9a5b893d39dbed5b361eec2db0325e3bca51592e37a0fc647411aa15e47d14bf863f62a5b5fe8f49f986e47baf8f96f17f2ae8c9d0ec7471ccccaf3c08e65f902e7d44f21e01da7e4c4da7c7782ad8cc9e1060452adcfd53dfec237d8f1d184323a212c071d70b67c731936727329bf2eb04c4838aae3a1be42889fde5e481ead63b18a3684383044c7aff5045132ac0550e485d26e782ad5e93315dd6c323cbab0a79c47a64e4b8ec4d0a25c678fad5a20cbd6c0fcb5750238b6947ec21a99dbdbfd2e55d291afe6edc0e3664e3d222d1a2443ce753af6ed55c75f52cecf077e", 0x1000, 0x7, 0x0, 0x1, r4}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0xf, 0xffffffff00000000, r7, &(0x7f0000000580)="fca9820e3372e348676724c8ac3eab151d3f327be43c7cfcf4dc246cedff38ed1d69fa139f897e7e20d1924b3d29511d19368beddb7b5e5e4f1df70b06dfcd6976600cfaddd33cf5ff2717b46b32eede2ca22e4ea5e9c1fb3f2df8245078b2cf46afea1878fc91948a91ff5888372bc925e442acbfd4f3701a13b02c61719a3787b20e40e3cc8024b851fb0461446d2ca61f3653e5a126bbfa73f9ad881d1ccf44632e1899f4b400f9bbfa", 0xab, 0x800, 0x0, 0x0, r0}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x7, 0x8, r6, &(0x7f0000000680)="be137fe0d2ae846746318f13a3a0dbef36bc44b7ee6b2a0f875fec605e473ef11d7cec3ed32f9ea1784c71343046207cb8d5f051d5a61f006200936a7e640fe55b28c6ba083d26fed86356120a9ca836b6b6cbd50333fef612f4f334b32991e3268b6298e64d8e92086d835ddc70bc5640faab49", 0x74, 0x10001, 0x0, 0x0, r7}, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x8, 0x4e, r6, &(0x7f0000000740)="cf473ed0acb3df041d1180ede7defbd20eb733f3c1958df004b9d64462df82f4f582e39713bdc47cb0f379ccecdf32055fb9fe80617ea47fd834a45be51ebb39d05382248ad38ae311cf5d23d348c355ffb1dbcaeba48162f15071e686842cf51c3852d6106eee45583b06ccbca6f12fc190293528f7f219df895dd96e4e2121c4091656e7b4ab0ee08417f5d388f587a0ca895de355e47193023dcb797aabcd238986797eea303c1d149098d5ced7d8a1c611d15b95029ab727e8417fa8c13725f40fdacfd5e5c624397858d9", 0xcd, 0x7fffffff, 0x0, 0x0, 0xffffffffffffff9c}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x5, 0x20, r3, &(0x7f0000000880)="711a1a4c539349228ba44d2011bcacff3f402a8a8e6d9016faeb60f240b3f59f98ca6c2c6453b1790ef354edebe65be8598d7ce2c30367c00def20102a8fa08f8d3754653472ce321ed401b14a49b1582c52d81c0ad73d0b3e8668f6c28b9f5cac70995a0d356fa4034161512d02d988fa9158", 0x73, 0x3, 0x0, 0x3, r7}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x6, 0x2bd9, r2, &(0x7f0000000940)="2b60bddb0633fdac098292c04a2683087742fd06ebfff381abd2ef4681a210bee758a14783fd0b88b73dc43475b718dc293eeb", 0x33, 0xbf55, 0x0, 0x3, r6}])
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000a00)={0x3, 0x1, {0x3, 0x3, 0x3, 0x3, 0x7}})
ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000040)={0x4, 0xd1, 0x6})

[  605.035587] Interruptibility = 00000008  ActivityState = 00000000
[  605.041815] *** Host State ***
[  605.045060] RIP = 0xffffffff81212aae  RSP = 0xffff88017f687350
[  605.051062] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  605.057840] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  605.065767] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  605.071756] CR0=0000000080050033 CR3=00000001d35ed000 CR4=00000000001426e0
[  605.078834] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
22:03:07 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:07 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001840)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@loopback, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000040)={0x80, 0x20, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x5})
keyctl$instantiate(0xc, 0x0, &(0x7f0000000cc0)=ANY=[@ANYPTR=&(0x7f0000000c80)=ANY=[]], 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480)='/dev/vcs#\x00', 0x0, 0x0)
close(0xffffffffffffffff)
pkey_alloc(0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000080))

22:03:07 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000)=[@cstype3={0x5, 0xa}], 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x800, 0x0)
ioctl$EVIOCGVERSION(r4, 0x80044501, &(0x7f00000000c0)=""/71)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  605.085620] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  605.091687] *** Control State ***
[  605.111492] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  605.122218] *** Guest State ***
[  605.125580] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  605.134531] EntryControls=0000d1ff ExitControls=002fefff
[  605.142308] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  605.151806] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:03:08 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x80350000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  605.159040] CR3 = 0x0000000000000000
[  605.162868] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  605.168922] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[  605.175725] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  605.181799] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  605.188577] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  605.198937] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:08 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f0000000100)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000c8, &(0x7f0000000080)=[@fda], &(0x7f00000000c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000180)})

[  605.207099]         reason=80000021 qualification=0000000000000000
[  605.234370] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.249522] IDTVectoring: info=00000000 errcode=00000000
[  605.255214] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  605.256572] binder: 22025:22026 transaction failed 29189/-22, size 32-536871112 line 2855
[  605.266063] TSC Offset = 0xfffffeb99718fb05
[  605.275838] binder: undelivered TRANSACTION_ERROR: 29189
[  605.276413] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.289557] EPT pointer = 0x00000001ca12601e
[  605.294124] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.302371] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.310452] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  605.320992] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.330084] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  605.338284] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  605.353438] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  605.367755] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  605.377110] Interruptibility = 00000000  ActivityState = 00000000
22:03:08 executing program 0:
r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff)
ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000600)=""/4096)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)={0x3f7d, 0xbf4c})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x2, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$inet_sctp(r3, &(0x7f0000000200)={&(0x7f00000000c0)=@in={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000180)="c7efa10cfb582eebbe03a8fd1fe6beb3596ccbd00a8798b8cd8731cff9af24d6b167bbbf4bf732d2b47592a85e0f49639733948e6ea47d14702d2cdfbbe8d1944aabef652bb45953c8d718f18f859f4241981539b331a1a9c4f017ce2062d426cb1676cddf6dc984258bd19a329c63148414be72698158dd19c1a377", 0x7c}, {&(0x7f0000000400)="76e9921e6d711d0f7b2d7d8faf1c56fc1dcf36c8dd1977a2498304ec2795515717ccac7b8dd352aff8d42c64677bb5303cc84c1faeb908bc1ecde51081eafb8c0fe62391e9d55fb60cabdde0a2113e2166a453bfaea0e11c6ddc540f950a7b9a80ddc5cda3011a73ce9fe9d277297848c36085042388aeeef0da7b651f6563f8ad13fede6756c5ba5a157d634f3c2d0b60103af14b3b2f917280c660e2ba5c589be9630c30e14a9493f88415286a6b46c870126b364496bafbee2ab3d0b8828d246da8575caf294fab6542f9698228a4921fe37ca4a28fbc79fd", 0xda}, {&(0x7f0000000500)="0f623748c76470b173aa8ae5de3c9cbf1e174fa633b3eac8ddd0c64cf1cbfbf31c77884f3a8d788dea6b92aaa221da80d8ffb781dfb7d309484bee0d7323b5320066b206b005e953c79a8b566149191693fa083c16b937f4aba7d6b1e6873f8a4ea802ee426af857452eea6b45e31eeb3656501605c2a95a83283b8728c914c6ffc047e36bc4c08233eb1ee230a61f9cd3cf25b9d5bf3562021e8f27373e847c7bd655c3bfc028f2edc2ee9625ca21", 0xaf}], 0x3, 0x0, 0x0, 0x4000}, 0x1)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000001600)={0x1, 0x0, [{}]})
openat$pfkey(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/self/net/pfkey\x00', 0x80, 0x0)
ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000240)=0x2)

22:03:08 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x88caffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:08 executing program 5:
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000040), 0xc, &(0x7f0000000440)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x1}}, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x2, 0x138, [0x20000780, 0x0, 0x0, 0x20000948, 0x20000978], 0x0, &(0x7f0000000000), &(0x7f0000000780)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xfffffffffffffffe}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{{{0x5, 0x0, 0x0, 'veth1_to_bridge\x00', 'rose0\x00', "73797a5f74756e0100", '\x00', @broadcast, [], @random="89b5869c4829", [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@remote}}}}]}]}, 0x1b0)

[  605.383637] *** Host State ***
[  605.386898] RIP = 0xffffffff81212aae  RSP = 0xffff88017df1f350
[  605.393212] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  605.399705] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  605.416992] kernel msg: ebtables bug: please report to author: Valid hook without chain
[  605.421074] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  605.431197] CR0=0000000080050033 CR3=00000001bc7e4000 CR4=00000000001426e0
[  605.438318] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  605.445215] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  605.454520] kernel msg: ebtables bug: please report to author: Valid hook without chain
[  605.460089] *** Control State ***
[  605.466354] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  605.473984] EntryControls=0000d1ff ExitControls=002fefff
[  605.479474] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  605.498594] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  605.505496] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  605.512235]         reason=80000021 qualification=0000000000000000
[  605.518552] IDTVectoring: info=00000000 errcode=00000000
[  605.524118] TSC Offset = 0xfffffeb96fd10fcb
[  605.528439] EPT pointer = 0x00000001ce60b01e
22:03:10 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:10 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.capability\x00', &(0x7f00000001c0)=@v1={0x1000000, [{0x82c, 0x625d}]}, 0xc, 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x7, &(0x7f0000000240)=0x10000004, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x37a, 0x20101000, 0xffffffffffffffff, 0xac8, 0x0, 0x1000, 0x6, 0x3ff, 0x8ab0, 0x6e}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:10 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:10 executing program 5:
r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0x4004550c, &(0x7f0000000000))

22:03:10 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f0000000080)={0x6, 0x3, [{0x9, 0x0, 0x5}, {0x65e, 0x0, 0x1000}, {0x9d, 0x0, 0x4}, {0xfffffffffffffff9, 0x0, 0x8}, {0xef64, 0x0, 0x3f}, {0x1, 0x0, 0xe85f}]})
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:10 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x200007fffffffffe, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x1010c0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PVERSION(r4, 0x80045500, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:10 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:10 executing program 5:
socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000))

[  607.826390] *** Guest State ***
[  607.829693] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  607.843982] *** Guest State ***
[  607.847373] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  607.862009] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:10 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)={0x6, [0x400, 0x4, 0xdc2, 0x8001, 0xfff, 0x7]}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  607.872483] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  607.884177] CR3 = 0x0000000000000000
[  607.891087] CR3 = 0x0000000000000000
[  607.896526] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  607.902653] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  607.908903] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  607.915870] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:03:10 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x6488, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  607.921952] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  607.929354] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  607.936618] CS:   sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
[  607.944770] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  607.953381] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  607.962648] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:10 executing program 5:
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000180)=0x100000000040, 0x4)
poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0)

[  607.970751] SS:   sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
[  607.983420] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  608.001336] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
22:03:10 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xfeffffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  608.020855] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  608.021152] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.028993] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  608.045064] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  608.053761] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  608.071491] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  608.087026] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  608.089745] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.095156] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  608.109872] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  608.117636] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.126718] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.135136] Interruptibility = 00000000  ActivityState = 00000000
[  608.141442] *** Host State ***
[  608.145785] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.152628] RIP = 0xffffffff81212aae  RSP = 0xffff8801889e7350
[  608.160632] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.162255] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  608.173616] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.175718] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  608.185687] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  608.191107] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  608.197750] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  608.203467] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  608.211271] Interruptibility = 00000000  ActivityState = 00000000
[  608.218201] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  608.224948] *** Host State ***
[  608.231109] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  608.234597] RIP = 0xffffffff81212aae  RSP = 0xffff88018843f350
[  608.240449] *** Control State ***
[  608.246737] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  608.249924] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  608.257006] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  608.263145] EntryControls=0000d1ff ExitControls=002fefff
[  608.271265] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  608.276512] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  608.282717] CR0=0000000080050033 CR3=00000001d1cee000 CR4=00000000001426e0
[  608.289396] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  608.296715] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  608.303160] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  608.310130] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  608.316480]         reason=80000021 qualification=0000000000000000
[  608.322829] *** Control State ***
[  608.328887] IDTVectoring: info=00000000 errcode=00000000
[  608.332653] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  608.337852] TSC Offset = 0xfffffeb7f998547b
[  608.344805] EntryControls=0000d1ff ExitControls=002fefff
[  608.348901] EPT pointer = 0x00000001c202601e
[  608.354767] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  608.365745] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  608.372446] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  608.379026]         reason=80000021 qualification=0000000000000000
[  608.382303] *** Guest State ***
[  608.385756] IDTVectoring: info=00000000 errcode=00000000
[  608.389197] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  608.394144] TSC Offset = 0xfffffeb7fc02d738
[  608.394154] EPT pointer = 0x00000001cc58c01e
[  608.403518] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  608.421828] CR3 = 0x0000000000000000
[  608.425806] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  608.431834] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  608.437909] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  608.444627] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.452649] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.460641] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  608.468692] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.469151] *** Guest State ***
[  608.476715] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.476733] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.476745] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.476767] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.480634] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  608.492496] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.496937] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  608.504468] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.512683] CR3 = 0x0000000000000000
[  608.521350] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  608.538282] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  608.546630] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  608.550007] Interruptibility = 00000000  ActivityState = 00000000
[  608.563964] *** Host State ***
[  608.574764] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  608.576412] RIP = 0xffffffff81212aae  RSP = 0xffff8801d3467350
[  608.581644] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  608.587851] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  608.593115] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.599306] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  608.608749] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.613956] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  608.613966] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  608.613977] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  608.613984] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  608.613986] *** Control State ***
[  608.613991] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  608.613995] EntryControls=0000d1ff ExitControls=002fefff
[  608.614003] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  608.614007] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  608.614012] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  608.614016]         reason=80000021 qualification=0000000000000000
[  608.614033] IDTVectoring: info=00000000 errcode=00000000
[  608.614039] TSC Offset = 0xfffffeb7f998547b
[  608.614046] EPT pointer = 0x00000001c202601e
[  608.623237] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  608.636257] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.672295] *** Guest State ***
[  608.678725] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.691633] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.691648] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  608.691666] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  608.691680] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.699700] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  608.703535] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.703546] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  608.703558] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  608.712297] Interruptibility = 00000000  ActivityState = 00000000
[  608.712301] *** Host State ***
[  608.712314] RIP = 0xffffffff81212aae  RSP = 0xffff8801833d7350
[  608.712335] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  608.720853] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  608.734363] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  608.740438] CR3 = 0x0000000000000000
[  608.747677] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  608.747692] CR0=0000000080050033 CR3=00000001d1cee000 CR4=00000000001426f0
[  608.756141] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  608.763803] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  608.772232] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  608.780743] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  608.789452] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  608.795714] *** Control State ***
[  608.803046] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.809658] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  608.815565] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.818285] EntryControls=0000d1ff ExitControls=002fefff
[  608.828433] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  608.833779] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  608.841927] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.846576] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  608.858255] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.864199] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  608.870930] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.876947]         reason=80000021 qualification=0000000000000000
[  608.888873] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  608.889806] IDTVectoring: info=00000000 errcode=00000000
[  608.896870] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  608.902452] TSC Offset = 0xfffffeb7fc02d738
[  608.908399] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  608.916054] EPT pointer = 0x00000001cc58c01e
[  608.921740] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  608.936815] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  608.951708] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  609.040373] Interruptibility = 00000000  ActivityState = 00000000
[  609.046674] *** Host State ***
[  609.049871] RIP = 0xffffffff81212aae  RSP = 0xffff880189edf350
[  609.056087] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  609.062541] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  609.070337] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  609.076667] CR0=0000000080050033 CR3=00000001caf3a000 CR4=00000000001426e0
[  609.083716] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  609.090387] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  609.096469] *** Control State ***
[  609.099918] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  609.106604] EntryControls=0000d1ff ExitControls=002fefff
[  609.112079] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  609.119042] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  609.125744] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  609.132348]         reason=80000021 qualification=0000000000000000
[  609.138648] IDTVectoring: info=00000000 errcode=00000000
[  609.144124] TSC Offset = 0xfffffeb7f998547b
[  609.148449] EPT pointer = 0x00000001c202601e
22:03:13 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:13 executing program 5:
r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x200, 0x1)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0x4008550c, &(0x7f0000000000))
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

22:03:13 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:13 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
fallocate(r2, 0x20, 0x8, 0xffff)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f00000001c0)=""/4096)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0xfffffffffffffffb)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
creat(&(0x7f0000000040)='./file0\x00', 0xa4)

22:03:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000080)="b9800000c00f3235000400000f3066baa000b002ee0f35660f58fd0f0133c4c2ad08c9c4c191fc963c0c000066ba4300ed66ba420066b8f1ff66efb9e7080000b81e080000ba000000000f30", 0x4c}], 0x1, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
memfd_create(&(0x7f0000000000)='/dev/kvm\x00', 0x5)

22:03:13 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x90000, 0x0)
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
ioctl$TUNSETOWNER(r4, 0x400454cc, r5)
write$apparmor_current(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="7065726d71b36f66706c65202f6465762f6b766d00060215c971c0797fadbe646bbe23a23aa58abe8bbd0e72703b0246110f73e29b72d9ec466e2650be9c04fa7477744a2c9397b9f66281378d7733cb664bb48182ece6ac3bc6af878b66f737ae2ae3d8f403003a5ca0570e8e59e9f79c5d1f6811c7a5efaf8a448b6879c8bf761affa8eaf9e00426f3e784df236e99"], 0x15)

22:03:13 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  610.870332] *** Guest State ***
[  610.875951] *** Guest State ***
[  610.876750] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  610.880830] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  610.888422] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  610.903586] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
22:03:13 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  610.922370] CR3 = 0x0000000000000000
[  610.926461] RSP = 0x0000000000000f80  RIP = 0x0000000000000015
[  610.931902] CR3 = 0x0000000000000000
[  610.933337] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  610.942622] Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
[  610.946696] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  610.954365] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:13 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xb00, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  610.969571] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  610.980677] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  610.982486] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  610.991812] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  611.002650] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.008189] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:13 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  611.025216] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.033551] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  611.048723] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.056916] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.063197] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:13 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  611.070334] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.077564] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  611.092178] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.100339] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.110806] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8864000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  611.111977] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  611.121776] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.135699] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  611.140061] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.142646] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  611.152573] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  611.165991] Interruptibility = 00000000  ActivityState = 00000000
[  611.173494] *** Host State ***
[  611.176740] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.176753] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  611.194691] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  611.196112] RIP = 0xffffffff81212aae  RSP = 0xffff88017ed17350
[  611.209785] Interruptibility = 00000000  ActivityState = 00000000
[  611.216497] *** Host State ***
[  611.219852] RIP = 0xffffffff81212aae  RSP = 0xffff88018fdbf350
22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  611.219908] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  611.226656] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  611.237035] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  611.251145] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  611.252937] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  611.265735] CR0=0000000080050033 CR3=00000001ce82d000 CR4=00000000001426e0
[  611.273390] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  611.280243] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  611.282384] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  611.294565] CR0=0000000080050033 CR3=00000001ca3dd000 CR4=00000000001426f0
[  611.301734] *** Control State ***
[  611.302763] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  611.307035] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  611.312066] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  611.323055] EntryControls=0000d1ff ExitControls=002fefff
[  611.330580] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  611.334281] *** Control State ***
[  611.341146] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  611.346569] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  611.350281] EntryControls=0000d1ff ExitControls=002fefff
[  611.354959] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  611.360168] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  611.367010]         reason=80000021 qualification=0000000000000000
[  611.373853] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  611.380342] IDTVectoring: info=00000000 errcode=00000000
[  611.387134] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  611.392756] TSC Offset = 0xfffffeb65b986c1f
[  611.399454]         reason=80000021 qualification=0000000000000000
[  611.403671] EPT pointer = 0x00000001c454401e
[  611.409829] IDTVectoring: info=00000000 errcode=00000000
[  611.419724] TSC Offset = 0xfffffeb65b5aca85
[  611.427569] EPT pointer = 0x00000001d53f801e
[  611.429160] *** Guest State ***
[  611.435720] CR0: actual=0x0000000000000021, shadow=0x0000000000000001, gh_mask=fffffffffffffff7
[  611.444910] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  611.454071] CR3 = 0x0000000000000000
[  611.457784] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  611.463797] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  611.469764] Sysenter RSP=0000000000000f80 CS:RIP=0030:0000000000002810
[  611.477057] CS:   sel=0x0030, attr=0x0409b, limit=0x000fffff, base=0x0000000000000000
[  611.487211] DS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  611.495671] *** Guest State ***
[  611.499059] SS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  611.499504] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  611.507102] ES:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  611.507122] FS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  611.507141] GS:   sel=0x0038, attr=0x04093, limit=0x000fffff, base=0x0000000000000000
[  611.516603] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  611.524003] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  611.524033] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  611.524045] IDTR:                           limit=0x000001ff, base=0x0000000000003800
[  611.524062] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.524071] EFER =     0x0000000000000001  PAT = 0x0007040600070406
[  611.524082] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  611.524091] Interruptibility = 00000000  ActivityState = 00000000
[  611.524094] *** Host State ***
[  611.524107] RIP = 0xffffffff81212aae  RSP = 0xffff88017ed17350
[  611.534086] CR3 = 0x0000000000000000
[  611.540149] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  611.549553] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  611.573600] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  611.588142] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  611.601506] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  611.608162] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  611.610777] CR0=0000000080050033 CR3=00000001ce82d000 CR4=00000000001426e0
[  611.615156] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.621372] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
22:03:14 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mq_open(&(0x7f0000000080)='lo.\x00', 0x0, 0x2, &(0x7f0000000100)={0x0, 0x0, 0x10000, 0x0, 0x7, 0x6, 0x7fff})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0xc8)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sequencer2\x00', 0x2, 0x0)
ptrace$peek(0x1, 0x0, &(0x7f0000000180))
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f0000000500)={0x4, 0x0, 0x0, 0x0, 0x4, 0x5})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000300)={{0x5}})
ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc))
r2 = syz_open_pts(r0, 0x2)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x8000, 0x0)
r3 = dup3(r2, r0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000001c0)={0x10})
write(r0, &(0x7f0000c34fff), 0xffffff0b)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000140), 0x1)

22:03:14 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  611.627697] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.635804] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  611.641643] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  611.647696] *** Control State ***
[  611.654387] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.661120] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  611.669669] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.676176] EntryControls=0000d1ff ExitControls=002fefff
[  611.691051] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.701033] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  611.723910] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  611.723920] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  611.723927]         reason=80000021 qualification=0000000000000000
[  611.723934] IDTVectoring: info=00000000 errcode=00000000
[  611.723940] TSC Offset = 0xfffffeb65b986c1f
[  611.723950] EPT pointer = 0x00000001c454401e
22:03:14 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)=0x1, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8035000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  611.734728] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  611.760397] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  611.789474] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  611.803293] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  611.812956] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  611.819466] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  611.841670] Interruptibility = 00000000  ActivityState = 00000000
[  611.854557] *** Host State ***
[  611.863555] RIP = 0xffffffff81212aae  RSP = 0xffff8801be5ff350
[  611.875673] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  611.891848] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  611.901182] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  611.912158] CR0=0000000080050033 CR3=00000001ca3dd000 CR4=00000000001426f0
[  611.919310] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  611.926300] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  611.937078] *** Control State ***
[  611.940617] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  611.947341] EntryControls=0000d1ff ExitControls=002fefff
[  611.952846] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  611.959767] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  611.966765] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  611.973395]         reason=80000021 qualification=0000000000000000
[  611.979734] IDTVectoring: info=00000000 errcode=00000000
[  611.985250] TSC Offset = 0xfffffeb65b5aca85
22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x5c000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:14 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20a80010}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x2c, r4, 0x414, 0x50bd2a, 0x400025dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000080)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:14 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x20, 0x1d, 0xffffffffffffffff, 0x0, 0x0, {0x20000000005}, [@nested={0xc, 0x1, [@typed={0x8, 0x0, @pid}]}]}, 0x20}}, 0x0)

22:03:14 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  611.989569] EPT pointer = 0x00000001d53f801e
22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  612.028882] netlink: 'syz-executor5': attribute type 1 has an invalid length.
[  612.065157] netlink: 'syz-executor5': attribute type 1 has an invalid length.
22:03:14 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x689, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:15 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x400000008912, &(0x7f0000000040)="153f6234488dd25d766070")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f0000000100)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000180)})

[  612.086102] *** Guest State ***
[  612.089508] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  612.104206] *** Guest State ***
[  612.107685] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  612.112271] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  612.129296] CR3 = 0x0000000000000000
22:03:15 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  612.137990] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  612.141560] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  612.147568] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  612.159449] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  612.168330] CR3 = 0x0000000000000000
[  612.171113] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:15 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  612.186468] binder: 22184:22185 transaction failed 29189/-22, size 0-8 line 2855
[  612.189676] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  612.201320] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.207403] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  612.213669] binder: undelivered TRANSACTION_ERROR: 29189
[  612.224371] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  612.239271] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  612.241516] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.248393] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.262215] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.271278] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  612.275698] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.292631] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.295208] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.301413] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.316998] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.318600] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.325732] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.333616] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.341275] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.349954] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.357417] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.366000] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.373410] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.381569] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  612.389495] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  612.396272] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  612.403047] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  612.409947] Interruptibility = 00000000  ActivityState = 00000000
[  612.417282] Interruptibility = 00000000  ActivityState = 00000000
[  612.423759] *** Host State ***
[  612.429841] *** Host State ***
[  612.433272] RIP = 0xffffffff81212aae  RSP = 0xffff88017fb4f350
[  612.436317] RIP = 0xffffffff81212aae  RSP = 0xffff880189357350
[  612.442521] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  612.448765] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  612.455219] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  612.461626] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  612.469349] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  612.476969] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  612.483364] CR0=0000000080050033 CR3=00000001cd068000 CR4=00000000001426e0
[  612.488837] CR0=0000000080050033 CR3=00000001d3906000 CR4=00000000001426f0
[  612.503079] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  612.510155] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  612.510560] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  612.518791] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  612.523150] *** Control State ***
[  612.529223] *** Control State ***
[  612.532710] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  612.536890] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  612.542987] EntryControls=0000d1ff ExitControls=002fefff
[  612.549756] EntryControls=0000d1ff ExitControls=002fefff
[  612.555214] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  612.555223] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  612.555236] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  612.561855] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  612.567900]         reason=80000021 qualification=0000000000000000
[  612.574705] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  612.581121] IDTVectoring: info=00000000 errcode=00000000
[  612.588363] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  612.594863] TSC Offset = 0xfffffeb5b83875eb
[  612.601199]         reason=80000021 qualification=0000000000000000
[  612.606691] EPT pointer = 0x00000001cd16701e
[  612.613909] IDTVectoring: info=00000000 errcode=00000000
[  612.625102] TSC Offset = 0xfffffeb5b6ecf383
[  612.638788] EPT pointer = 0x00000001cce1801e
[  612.643587] *** Guest State ***
[  612.647049] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  612.656407] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  612.665519] CR3 = 0x0000000000000000
[  612.673713] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  612.679808] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  612.686680] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:15 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000240)={r1, &(0x7f00000001c0)="fa9e7db2fee289c1715387af2f5e749aae9e4e2a3175", &(0x7f0000000200)}, 0x20)
clock_gettime(0x0, &(0x7f0000000100))
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040), 0x1000000000000106, &(0x7f0000000280)=""/179, 0xb3, 0x4}}], 0xe5, 0x0, &(0x7f0000001540))

22:03:15 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8848000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  612.693943] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.702676] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.710759] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  612.718887] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.727583] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
lsetxattr$security_smack_entry(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='security.SMACK64IPOUT\x00', &(0x7f0000000200)='/dev/kvm\x00', 0x9, 0x2)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendto(r3, &(0x7f0000000000)="513b85b391441465b9a1c2756d8eaa29fa", 0x11, 0x844, &(0x7f0000000080)=@llc={0x1a, 0x310, 0x2, 0xa8e, 0x9, 0x86ec, @local}, 0x80)

22:03:15 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0))
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0)
eventfd(0x0)
ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000180)=0x5)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000300), &(0x7f0000000380)=0x8)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e24, 0x4, @mcast2, 0xfffffffffffff000}, 0x1c)
readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1)
open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x80)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x100, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x1, 0x1000, &(0x7f000000a000/0x1000)=nil})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100))

22:03:15 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  612.743798] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.773647] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.781255] *** Guest State ***
[  612.783808] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.793507] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  612.798639] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  612.803070] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.825604] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  612.839869] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  612.842000] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  612.859500] Interruptibility = 00000000  ActivityState = 00000000
[  612.866721] CR3 = 0x0000000000000000
[  612.867730] *** Host State ***
[  612.871177] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  612.874545] RIP = 0xffffffff81212aae  RSP = 0xffff880189357350
[  612.880232] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  612.886400] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  612.892897] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  612.898982] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  612.917319] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.927976] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  612.931191] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.937933] CR0=0000000080050033 CR3=00000001d3906000 CR4=00000000001426f0
[  612.949186] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  612.950134] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  612.956137] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  612.966734] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.970489] *** Control State ***
[  612.978516] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.981770] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  612.990076] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  612.996878] EntryControls=0000d1ff ExitControls=002fefff
[  613.004888] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  613.009980] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  613.018178] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.024940] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  613.033118] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  613.039573] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  613.048033] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.054234]         reason=80000021 qualification=0000000000000000
[  613.062500] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  613.068519] IDTVectoring: info=00000000 errcode=00000000
[  613.075257] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  613.080417] TSC Offset = 0xfffffeb5b83875eb
22:03:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f0000000400))

22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xfeffffff00000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:16 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0))
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x0, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0)
eventfd(0x0)
ioctl$int_in(r2, 0x800000c0045002, &(0x7f0000000200)=0x1000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000180)=0x5)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000300), &(0x7f0000000380)=0x8)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e24, 0x4, @mcast2, 0xfffffffffffff000}, 0x1c)
readv(r2, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1)
open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x80)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x100, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x1, 0x1000, &(0x7f000000a000/0x1000)=nil})
ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100))

22:03:16 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x6, 0xfffffffffffffff7, 0x2, 0x8, 0x8, r3, 0x4}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000001c0)={0x40, 0x1, {0xffffffffffffffff, 0x1, 0xe55a, 0x2, 0x100}})
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000040))

22:03:16 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  613.088166] Interruptibility = 00000000  ActivityState = 00000000
[  613.092255] EPT pointer = 0x00000001cd16701e
[  613.098570] *** Host State ***
[  613.112272] RIP = 0xffffffff81212aae  RSP = 0xffff88018299f350
[  613.118919] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  613.125458] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  613.135524] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
22:03:16 executing program 5:
perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f00000001c0)="fc0000004a000700ab092500090007000aab80ff010000000000369321000100ff0100fb1e0500000000000000036915fa2c1ec28656aaa79bb94b46fe0000000700020800008c0000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ade01720d7d5bbc91a3e2e80772c74fb2cc56ce1f0f156272f5b00000005defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bbab2ccd243f295ed94e0ad93bd0243f7220734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d4480548deac270e33429fd3000175e63fb8d38a873cf1", 0xfc)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00')
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x0, 0x202}, 0x14}}, 0x0)

22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x81000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  613.161184] CR0=0000000080050033 CR3=00000001cdf75000 CR4=00000000001426e0
[  613.172264] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  613.198825] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  613.210533] netlink: 180 bytes leftover after parsing attributes in process `syz-executor5'.
[  613.211917] *** Control State ***
[  613.223976] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  613.234763] EntryControls=0000d1ff ExitControls=002fefff
[  613.240360] netlink: 180 bytes leftover after parsing attributes in process `syz-executor5'.
[  613.249412] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  613.257917] *** Guest State ***
22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  613.261213] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  613.261228] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  613.261234] CR3 = 0x0000000000000000
[  613.261242] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  613.261257] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  613.281651] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  613.288693] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:16 executing program 5:
mq_open(&(0x7f0000000080)='lo.\x00', 0x0, 0x0, &(0x7f0000000100))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0xc8)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040))
r1 = syz_open_pts(r0, 0x2)
socket$pptp(0x18, 0x1, 0x2)
dup3(r1, r0, 0x0)
ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mixer\x00', 0x0, 0x0)
write(r0, &(0x7f0000000140), 0x0)

[  613.295745] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.312114] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  613.316436] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.326622]         reason=80000021 qualification=0000000000000000
[  613.352150] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  613.370049] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.372536] IDTVectoring: info=00000000 errcode=00000000
[  613.384726] TSC Offset = 0xfffffeb55577c9a4
[  613.387017] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.400557] EPT pointer = 0x00000001cc62401e
[  613.401573] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.414369] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  613.422578] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  613.433803] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  613.441914] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.450254] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  613.456892] *** Guest State ***
[  613.460202] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  613.469499] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  613.469811] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  613.477704] Interruptibility = 00000000  ActivityState = 00000000
[  613.486087] CR3 = 0x0000000000000000
[  613.493441] *** Host State ***
[  613.496642] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  613.496654] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  613.496669] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  613.496681] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.496699] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.500012] RIP = 0xffffffff81212aae  RSP = 0xffff88017fe7f350
[  613.505946] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  613.512605] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  613.527103] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  613.534987] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.540965] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  613.555466] CR0=0000000080050033 CR3=00000001ba3f1000 CR4=00000000001426f0
[  613.562975] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.571383] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  613.578820] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.585290] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  613.595450] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  613.599768] *** Control State ***
[  613.607488] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  613.614154] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  613.622600] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  613.625759] EntryControls=0000d1ff ExitControls=002fefff
[  613.633523] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.640476] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  613.648369] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  613.654168] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  613.662216] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  613.669511] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  613.676029] Interruptibility = 00000000  ActivityState = 00000000
[  613.682674]         reason=80000021 qualification=0000000000000000
[  613.689878] *** Host State ***
[  613.696810] IDTVectoring: info=00000000 errcode=00000000
[  613.702738] RIP = 0xffffffff81212aae  RSP = 0xffff8801807b7350
[  613.709339] TSC Offset = 0xfffffeb51c39e3f1
[  613.712416] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  613.718186] EPT pointer = 0x00000001cc94201e
[  613.723874] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  613.734688] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  613.747221] CR0=0000000080050033 CR3=00000001cdf75000 CR4=00000000001426f0
[  613.763727] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  613.772338] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  613.778517] *** Control State ***
[  613.782067] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  613.788740] EntryControls=0000d1ff ExitControls=002fefff
[  613.794241] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:03:16 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x4000, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r4, 0x891a, &(0x7f0000000080)={'syzkaller0\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}})
getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000100)={<r5=>0x0, 0x6, 0x100000000000000, 0x7}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000400)={r5, @in6={{0xa, 0x4e23, 0x98, @mcast1, 0x1f}}, 0xffffffff80000001, 0x1}, &(0x7f0000000200)=0x90)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:16 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4788, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x4, &(0x7f0000000000), 0x285)
socket$pppoe(0x18, 0x1, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x40702, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000180)={0x1, 0x0, [0x20, 0x0, 0x0, 0xfff, 0x0, 0x3ff, 0xffffffff, 0x3]})
ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f00000000c0))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10)

[  613.801163] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  613.808640] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  613.815550]         reason=80000021 qualification=0000000000000000
[  613.821862] IDTVectoring: info=00000000 errcode=00000000
[  613.827349] TSC Offset = 0xfffffeb55577c9a4
[  613.831669] EPT pointer = 0x00000001cc62401e
22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  613.891913] *** Guest State ***
[  613.895416] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  613.904759] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  613.905320] *** Guest State ***
[  613.915231] CR3 = 0x0000000000000000
[  613.922852] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  613.925862] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xf0ffffffffffff, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  613.938500] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  613.945804] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  613.957644] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  613.963837] CR3 = 0x0000000000000000
[  613.966043] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.977516] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  613.983304] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:16 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x3)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  613.985895] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  614.004515] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  614.010924] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.022357] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  614.026232] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:16 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x1400000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  614.037433] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.038167] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.056760] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.060388] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.075722] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:03:16 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:17 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8847000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  614.086918] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.088584] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.108639] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.117619] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.124604] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.128521] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  614.141830] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.155310] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  614.156810] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.172332] Interruptibility = 00000000  ActivityState = 00000000
[  614.178954] *** Host State ***
[  614.182366] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:17 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  614.190475] RIP = 0xffffffff81212aae  RSP = 0xffff88018c047350
[  614.197462] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.211611] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.219846] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  614.229866] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
22:03:17 executing program 5:
syz_emit_ethernet(0xffffffe9, &(0x7f0000000080)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x12f, 0x21, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000100)={0x0, 0x2, [0x0, 0xad4]})

[  614.230770] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  614.242788] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  614.250391] CR0=0000000080050033 CR3=00000001d297d000 CR4=00000000001426f0
[  614.255245] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  614.265201] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  614.273748] Interruptibility = 00000000  ActivityState = 00000000
[  614.274142] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  614.299174] *** Host State ***
[  614.303122] *** Control State ***
[  614.304418] RIP = 0xffffffff81212aae  RSP = 0xffff88018299f350
[  614.306787] dccp_v6_rcv: dropped packet with invalid checksum
[  614.312873] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  614.319372] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  614.325318] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  614.334642] dccp_v6_rcv: dropped packet with invalid checksum
[  614.340683] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  614.351567] CR0=0000000080050033 CR3=00000001ce19e000 CR4=00000000001426e0
[  614.353123] EntryControls=0000d1ff ExitControls=002fefff
[  614.359083] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  614.375053] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  614.376424] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  614.381975] *** Control State ***
[  614.392480] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  614.392946] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  614.403326] EntryControls=0000d1ff ExitControls=002fefff
[  614.412503] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  614.415908] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  614.420394] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  614.432998] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  614.435870]         reason=80000021 qualification=0000000000000000
[  614.440799]         reason=80000021 qualification=0000000000000000
[  614.447534] IDTVectoring: info=00000000 errcode=00000000
[  614.453872] IDTVectoring: info=00000000 errcode=00000000
[  614.459277] TSC Offset = 0xfffffeb4bcccf1a4
[  614.464921] TSC Offset = 0xfffffeb4bcb38d2d
[  614.470269] EPT pointer = 0x00000001ccaa501e
[  614.474205] EPT pointer = 0x00000001cce1801e
[  614.491222] *** Guest State ***
[  614.497427] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  614.507069] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  614.515989] CR3 = 0x0000000000000000
[  614.519714] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  614.525716] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  614.531694] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  614.532278] *** Guest State ***
[  614.538524] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.542144] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  614.549795] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.559725] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  614.566749] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  614.583613] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.584136] CR3 = 0x0000000000000000
[  614.595758] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.604248] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.612369] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  614.620831] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  614.621760] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  614.631745] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  614.636124] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.643631] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  614.649482] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.655986] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.663683] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  614.663694] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  614.663704] Interruptibility = 00000000  ActivityState = 00000000
[  614.663707] *** Host State ***
[  614.663719] RIP = 0xffffffff81212aae  RSP = 0xffff88018c047350
[  614.663739] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  614.672448] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.679674] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  614.688737] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  614.693485] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  614.697373] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.702703] CR0=0000000080050033 CR3=00000001d297d000 CR4=00000000001426f0
[  614.709573] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.717251] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  614.725450] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.733125] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  614.739268] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  614.747376] *** Control State ***
[  614.754352] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  614.762185] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  614.769093] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  614.776855] EntryControls=0000d1ff ExitControls=002fefff
[  614.783160] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  614.790935] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  614.795150] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  614.803975] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  614.810823] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  614.818684] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  614.824409] Interruptibility = 00000000  ActivityState = 00000000
[  614.832207]         reason=80000021 qualification=0000000000000000
[  614.839604] *** Host State ***
[  614.846250] IDTVectoring: info=00000000 errcode=00000000
[  614.853213] RIP = 0xffffffff81212aae  RSP = 0xffff88017e84f350
[  614.865864] TSC Offset = 0xfffffeb4bcccf1a4
22:03:17 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0))
syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x4, 0x400800)
r3 = perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x70, 0x9, 0x10000, 0xf45, 0x8, 0x0, 0x0, 0x420e2, 0x4, 0x1, 0x5, 0x6, 0x1, 0x9, 0xa7, 0x20, 0x396, 0xff, 0x7, 0xffff, 0x1ff, 0x7, 0x9, 0x6, 0x1, 0x3, 0x100, 0x434, 0x7, 0x9, 0x80000001, 0x9953, 0x7, 0x0, 0x2, 0x400, 0x1, 0x0, 0x3ff, 0x4, @perf_bp={&(0x7f0000000080), 0x2}, 0x1, 0x4, 0x6, 0x4, 0x9}, r1, 0xc, 0xffffffffffffffff, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x3)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:17 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:17 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  614.867096] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  614.873873] EPT pointer = 0x00000001ccaa501e
[  614.880004] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  614.889268] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  614.905116] CR0=0000000080050033 CR3=00000001ce19e000 CR4=00000000001426e0
[  614.952194] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  614.958959] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  614.980480] *** Control State ***
[  614.980926] *** Guest State ***
[  614.987376] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  614.990827] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  614.996345] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  615.006191] EntryControls=0000d1ff ExitControls=002fefff
[  615.013373] CR3 = 0x0000000000000000
[  615.017998] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  615.021434] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  615.028642] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  615.035389] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  615.041541] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  615.047196] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  615.054133]         reason=80000021 qualification=0000000000000000
[  615.060464] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.067366] IDTVectoring: info=00000000 errcode=00000000
[  615.074893] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.080684] TSC Offset = 0xfffffeb4bcb38d2d
[  615.089177] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:03:18 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4000)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r3, &(0x7f0000000080)="910af59841817dd1f2be809e038c8bb2bcaa66bc329778a6793fc81c44fa7314738aa483a23b93aea4c5cf83c62f62c02f4e6d1f7d269ed2dd2227bf7c0e7aec1a061e86a3a0ffa21a40c2a2555a9f0cd3b8d5730f043aabcad0cbba8a31b4a76ddc86a1b40d054ca565ba9d5565690f51", &(0x7f0000000180)=""/66}, 0x18)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:18 executing program 5:
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f00000000c0)=0x10d060000)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0)
eventfd(0x0)
ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000200)=0x1000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000180)=0x6)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000300), &(0x7f0000000380)=0x8)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e24, 0x4, @mcast2, 0xfffffffffffff000}, 0x1c)
readv(r0, &(0x7f00000014c0)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1)
open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x80)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x100, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x1, 0x1000, &(0x7f000000a000/0x1000)=nil})
ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100))

22:03:18 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:auditd_exec_t:s0\x00', 0x23)

22:03:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:18 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  615.093043] EPT pointer = 0x00000001cce1801e
[  615.100874] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.113262] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.121318] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.139315] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  615.154527] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.174641] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:03:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x8848, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  615.197551] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.197767] *** Guest State ***
[  615.205766] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  615.210407] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  615.216127] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  615.232527] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  615.241736] Interruptibility = 00000000  ActivityState = 00000000
22:03:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0xd00000000000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  615.257223] CR3 = 0x0000000000000000
[  615.261088] *** Host State ***
[  615.266943] RIP = 0xffffffff81212aae  RSP = 0xffff880181cc7350
[  615.274333] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  615.276717] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  615.281424] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  615.288070] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
22:03:18 executing program 5:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x20000003)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0)
sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f0000000000)=[{0x10, 0x10d, 0x8}], 0x10}}], 0x1, 0x0)

22:03:18 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x86ddffff00000000, 0x0, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  615.302554] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  615.312220] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  615.326792] CR0=0000000080050033 CR3=00000001ba00c000 CR4=00000000001426f0
[  615.327694] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.343394] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  615.350517] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  615.380014] *** Control State ***
[  615.394148] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  615.396776] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.410127] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  615.426085] EntryControls=0000d1ff ExitControls=002fefff
[  615.430539] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.437855] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  615.439761] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.452987] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  615.454840] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.461440] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  615.469713] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  615.476779]         reason=80000021 qualification=0000000000000000
[  615.484415] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.491071] IDTVectoring: info=00000000 errcode=00000000
[  615.498746] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  615.498765] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.498774] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  615.498785] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  615.498794] Interruptibility = 00000000  ActivityState = 00000000
[  615.498803] *** Host State ***
[  615.504387] TSC Offset = 0xfffffeb42755632d
[  615.512457] RIP = 0xffffffff81212aae  RSP = 0xffff88018d467350
[  615.520836] EPT pointer = 0x00000001c0b1901e
[  615.527762] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  615.548959] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  615.558603] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  615.558619] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426e0
[  615.558634] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  615.558645] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  615.558655] *** Control State ***
[  615.592806] *** Guest State ***
[  615.602556] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  615.605424] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  615.605432] EntryControls=0000d1ff ExitControls=002fefff
[  615.605446] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  615.605460] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  615.616469] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  615.628991] CR3 = 0x0000000000000000
[  615.642543] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  615.651594] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  615.655184]         reason=80000021 qualification=0000000000000000
[  615.661609] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  615.667372] IDTVectoring: info=00000000 errcode=00000000
[  615.667379] TSC Offset = 0xfffffeb409cc8af6
[  615.667393] EPT pointer = 0x00000001b9ddc01e
[  615.674996] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  615.685564] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.694363] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.707005] *** Guest State ***
[  615.709815] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  615.717467] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  615.721032] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.728752] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  615.737972] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.745985] CR3 = 0x0000000000000000
[  615.755308] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.767074] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  615.783144] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  615.783156] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  615.783169] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  615.793420] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  615.797547] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.806361] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  615.811447] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  615.819393] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.826262] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  615.834360] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.843489] Interruptibility = 00000000  ActivityState = 00000000
[  615.850666] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  615.858906] *** Host State ***
[  615.865166] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.873186] RIP = 0xffffffff81212aae  RSP = 0xffff8801c8b5f350
[  615.876485] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.887007] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  615.893326] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.901262] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  615.907748] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  615.916407] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  615.923883] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  615.931707] CR0=0000000080050033 CR3=00000001ba00c000 CR4=00000000001426e0
[  615.937423] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  615.945674] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  615.952466] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  615.961670] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  615.967175] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  615.975551] *** Control State ***
[  615.982600] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  615.992492] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  615.999685] Interruptibility = 00000000  ActivityState = 00000000
[  616.009694] EntryControls=0000d1ff ExitControls=002fefff
[  616.012787] *** Host State ***
[  616.020161] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  616.028666] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  616.032120] RIP = 0xffffffff81212aae  RSP = 0xffff88018d467350
[  616.035654] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  616.041416] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  616.048294]         reason=80000021 qualification=0000000000000000
[  616.055307] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  616.061146] IDTVectoring: info=00000000 errcode=00000000
[  616.073341] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
22:03:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x8afb328e6430ae19, 0x0)
socketpair$inet(0x2, 0x5, 0x800000, &(0x7f0000000400)={<r4=>0xffffffffffffffff})
ioctl$IOC_PR_REGISTER(r3, 0x401870c8, &(0x7f0000000240)={0xd3e, 0x4})
ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000440)={0xff, 0x1a, 0x6})
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f0000000000), 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x40840, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, 0x14, 0x1f1266c6a1c37b42, 0x70bd26, 0x25dfdbff, {}, [@generic="7e7ed07b6912bf3177d84e90a2607c214a516f7e6eb5da4a84f5163480"]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:19 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  616.075758] TSC Offset = 0xfffffeb42755632d
[  616.080103] CR0=0000000080050033 CR3=00000001d746a000 CR4=00000000001426f0
[  616.084704] EPT pointer = 0x00000001c0b1901e
[  616.091463] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  616.102735] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  616.108855] *** Control State ***
[  616.115732] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  616.124347] EntryControls=0000d1ff ExitControls=002fefff
22:03:19 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  616.130371] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  616.157309] *** Guest State ***
[  616.160878] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  616.161926] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  616.177072] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  616.181641] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  616.193628] CR3 = 0x0000000000000000
[  616.195218]         reason=80000021 qualification=0000000000000000
[  616.197456] RSP = 0x0000000000000f7a  RIP = 0x0000000000000042
[  616.210242] RFLAGS=0x00010046         DR7 = 0x0000000000000400
[  616.213976] IDTVectoring: info=00000000 errcode=00000000
[  616.217775] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  616.228589] TSC Offset = 0xfffffeb409cc8af6
[  616.229824] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.235411] EPT pointer = 0x00000001b9ddc01e
[  616.241293] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:19 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x8, &(0x7f0000000000), 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x4, 0x103280)
getsockname$unix(r3, &(0x7f0000000100)=@abs, &(0x7f0000000200)=0x6e)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, &(0x7f0000000180)={0x2, 0x0, [{}, {}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bind$unix(r0, &(0x7f00000009c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000a80)={0x6, &(0x7f0000000a40)=[{0x5, 0x6, 0x441, 0x7}, {0x8, 0x3ff, 0xae7a, 0x7}, {0x100000001, 0x2, 0x4, 0x400}, {0x8, 0x80, 0xffffffffffffff54, 0x3}, {0x5, 0x2, 0x5, 0x1}, {0x7, 0x9451, 0x0, 0x9}]})
socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000500)=@security={'security\x00', 0xe, 0x4, 0x430, 0x138, 0x250, 0x250, 0x250, 0x138, 0x360, 0x360, 0x360, 0x360, 0x360, 0x4, &(0x7f0000000240), {[{{@ipv6={@loopback, @remote, [0xff000000, 0xff, 0xffffff00, 0xffffff00], [0xffffffff, 0xff000000, 0x0, 0xff000000], 'ipddp0\x00', 'vlan0\x00', {}, {0xff}, 0xdf, 0x0, 0x7, 0x20}, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0x7f, 0x3, 0x3, 0x1, 0xec1c, 0x40, 0x50}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0xff, 0x9f88, 0x1, 0x0, 0x7ff, 0x6, 0x6, 0xa94b]}}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@icmp6={0x28, 'icmp6\x00', 0x0, {0x1f, 0x20, 0x8, 0x1}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xc8, 0x110}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0xfffffffffffffffd, 0xfffffffffffff055}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490)
recvfrom(r4, &(0x7f0000000400)=""/254, 0xfe, 0x10060, 0x0, 0x0)

22:03:19 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x190, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0x10, 0x100000003, 0x0)
sendmsg(r0, &(0x7f0000000040)={&(0x7f0000000280)=@nl, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000400)="5500000018007fd500fe01b2a4a280930a06000000a84308910000003900080008000a0000dc1338d54400009b84136ef75afb83de448daa72540d816ed2c55327c43ab8220000060cec4fab91d400000000000000", 0x55}], 0x1, &(0x7f0000000100)}, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040), 0x4)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/17, 0x0, 0x1000}, 0x18)

22:03:19 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @local, 0x1}, 0x1c)

22:03:19 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8864000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  616.254031] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  616.262428] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.275849] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:19 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xb00000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:19 executing program 5:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234418dd25d766070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000deb000)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffd32, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10)

[  616.300911] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.326409] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  616.348960] *** Guest State ***
22:03:19 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  616.366036] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.368838] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  616.401221] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:03:19 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x1, 0xee, 0x40, 0x8000}, {0x7f, 0x78d, 0x6, 0x5}]})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
mount(&(0x7f0000000280)=ANY=[@ANYBLOB="2f64656090de3493762f6e756c6c623000"], &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='pipefs\x00', 0x40, &(0x7f0000000240)='\x00')

22:03:19 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xd00000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  616.418019] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  616.425831] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.432511] CR3 = 0x0000000000000000
[  616.445689] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  616.450566] RSP = 0x0000000000000f80  RIP = 0x0000000000000045
[  616.464550] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  616.469304] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  616.482271] Interruptibility = 00000000  ActivityState = 00000000
[  616.490414] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  616.499806] *** Host State ***
[  616.501331] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.503604] RIP = 0xffffffff81212aae  RSP = 0xffff88018cdbf350
[  616.511372] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.517917] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  616.526266] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  616.541226] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.543686] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  616.549311] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.557991] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  616.566018] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.582407] CR0=0000000080050033 CR3=00000001ba3fd000 CR4=00000000001426e0
[  616.590355] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  616.594777] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  616.604883] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  616.609592] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.615788] *** Control State ***
[  616.620110] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  616.624740] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  616.634920] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.643864] EntryControls=0000d1ff ExitControls=002fefff
[  616.651514] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  616.657332] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  616.663860] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  616.670978] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[  616.678491] Interruptibility = 00000000  ActivityState = 00000000
[  616.685585] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[  616.691356] *** Host State ***
[  616.698191]         reason=80000021 qualification=0000000000000000
[  616.701230] RIP = 0xffffffff81212aae  RSP = 0xffff880181cc7350
[  616.707875] IDTVectoring: info=00000000 errcode=00000000
[  616.713680] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  616.719288] TSC Offset = 0xfffffeb38684afe2
[  616.725592] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  616.730119] EPT pointer = 0x00000001cdacf01e
[  616.737818] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  616.750801] CR0=0000000080050033 CR3=00000001d8524000 CR4=00000000001426f0
[  616.758395] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  616.765369] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  616.771419] *** Control State ***
[  616.774902] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  616.781562] EntryControls=0000d1ff ExitControls=002fefff
[  616.787064] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  616.794094] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  616.801295] *** Guest State ***
[  616.801638] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  616.805285] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  616.821681]         reason=80000021 qualification=0000000000000000
[  616.821822] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  616.828221] IDTVectoring: info=00000000 errcode=00000000
[  616.828235] TSC Offset = 0xfffffeb36e777793
[  616.837594] CR3 = 0x0000000000000000
[  616.842557] EPT pointer = 0x00000001c8f9f01e
[  616.847268] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  616.861080] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  616.861095] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  616.861107] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.861129] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.873816] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  616.873833] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.873850] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.873869] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.873883] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  616.882070] *** Guest State ***
[  616.889839] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  616.905005] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  616.912232] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  616.914286] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  616.921725] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.921737] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  616.921748] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  616.921761] Interruptibility = 00000000  ActivityState = 00000000
[  616.930104] CR3 = 0x0000000000000000
[  616.933158] *** Host State ***
[  616.941334] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  616.950035] RIP = 0xffffffff81212aae  RSP = 0xffff8801c653f350
[  616.950058] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  616.950070] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  616.950082] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  616.962696] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  616.967113] CR0=0000000080050033 CR3=00000001ba3fd000 CR4=00000000001426e0
[  616.975399] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  616.981466] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  616.989162] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  616.995186] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  616.999280] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.002186] *** Control State ***
[  617.002196] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  617.002203] EntryControls=0000d1ff ExitControls=002fefff
[  617.002216] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  617.002224] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000
[  617.002232] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
22:03:19 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
time(&(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x200000003, 0x0, 0x0, 0x2000, &(0x7f0000003000/0x2000)=nil})
r3 = dup(r0)
timerfd_settime(r3, 0x1, &(0x7f00000000c0), &(0x7f0000000100))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, {}, {0x3000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0xb5, 0x80000)
ioctl$RTC_UIE_ON(r5, 0x7003)

22:03:19 executing program 5:
r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket(0x840000000002, 0x3, 0xff)
close(r0)

22:03:19 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x1400, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  617.002239]         reason=80000021 qualification=0000000000000000
[  617.002246] IDTVectoring: info=00000000 errcode=00000000
[  617.002251] TSC Offset = 0xfffffeb38684afe2
[  617.002259] EPT pointer = 0x00000001cdacf01e
[  617.008883] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  617.021076] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.156649] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.156669] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.156681] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  617.156699] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  617.156712] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  617.156731] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.156741] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  617.156753] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  617.156763] Interruptibility = 00000000  ActivityState = 00000000
[  617.156766] *** Host State ***
[  617.156779] RIP = 0xffffffff81212aae  RSP = 0xffff880187e37350
[  617.156801] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  617.156813] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000034000
[  617.156824] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  617.156839] CR0=0000000080050033 CR3=00000001d8524000 CR4=00000000001426f0
[  617.156854] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  617.156866] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  617.156871] *** Control State ***
[  617.156880] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  617.156888] EntryControls=0000d1ff ExitControls=002fefff
[  617.156901] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:03:20 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1, 0x509202)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000080)={<r4=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x1, 0x1, 0x400, 0x80000001, r4}, 0x10)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:20 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:20 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x5c00, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}, {}, {0x0, 0xf001, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffd}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:20 executing program 5:
request_key(&(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)=',vboxnet0selinux[-%\x00', 0x0)

22:03:20 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
msgget$private(0x0, 0x100)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f00000001c0)="2c3b0c341169d9c8993819c81f9c5895e40a7852b23555c485cc995b7c90029734e467a8c80483af28560134d37a4da93a4434d0a2b2957e", &(0x7f0000000100)="2cab93e367513d99598a73c70b12b4af0781814cbf335c632557352a41d7b55d4ecbb188b8ec244ee6051ded0d24d0339dda1eb0"}, 0x83)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  617.156910] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  617.156918] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  617.156926]         reason=80000021 qualification=0000000000000000
[  617.156934] IDTVectoring: info=00000000 errcode=00000000
[  617.156940] TSC Offset = 0xfffffeb36e777793
[  617.156949] EPT pointer = 0x00000001c8f9f01e
22:03:20 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xffffdd86, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:20 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0xc0000000000002, &(0x7f0000000140)=0x75, 0x4)
bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='highspeed\x00', 0xa)
recvmmsg(r0, &(0x7f00000052c0)=[{{0x0, 0x0, &(0x7f00000002c0)}}], 0x1, 0x0, 0x0)

[  617.398927] *** Guest State ***
[  617.407854] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  617.423509] *** Guest State ***
[  617.427058] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  617.436438] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:03:20 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000000040))
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040), 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  617.455593] CR3 = 0x0000000000000000
[  617.459449] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  617.479839] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  617.486335] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:03:20 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:20 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000), 0x0, 0x0}, 0x0)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  617.506542] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  617.517403] CR3 = 0x0000000000000000
[  617.532090] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  617.537684] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.542969] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  617.562944] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  617.565111] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.574044] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.586465] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.590003] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  617.594864] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
22:03:20 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x689, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  617.612730] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.623475] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.631575] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.639404] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.640002] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  617.649232] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.664081] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.671423] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.680285] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  617.694464] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  617.697643] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.706386] LDTR: sel=0x0000, attr=0x10000, limit=0x0000f001, base=0x0000000000000000
[  617.718841] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  617.719145] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  617.727319] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  617.737657] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  617.745726] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  617.750079] Interruptibility = 00000000  ActivityState = 00000000
[  617.755938] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  617.762438] *** Host State ***
[  617.770063] Interruptibility = 00000000  ActivityState = 00000000
[  617.773261] RIP = 0xffffffff81212aae  RSP = 0xffff8801c8b5f350
[  617.779179] *** Host State ***
[  617.785507] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  617.788457] RIP = 0xffffffff81212aae  RSP = 0xffff88017e84f350
[  617.795229] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  617.801172] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  617.809303] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  617.815333] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  617.821500] CR0=0000000080050033 CR3=00000001bab1d000 CR4=00000000001426e0
[  617.831101] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  617.839451] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  617.845252] CR0=0000000080050033 CR3=00000001cdf0a000 CR4=00000000001426e0
[  617.852112] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  617.858931] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  617.865861] *** Control State ***
[  617.872845] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  617.876516] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  617.882466] *** Control State ***
[  617.889435] EntryControls=0000d1ff ExitControls=002fefff
[  617.893015] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  617.898900] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  617.907233] EntryControls=0000d1ff ExitControls=002fefff
[  617.914468] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  617.919658] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  617.926585] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  617.933423] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  617.940167]         reason=80000021 qualification=0000000000000000
[  617.948035] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  617.954570] IDTVectoring: info=00000000 errcode=00000000
[  617.961031]         reason=80000021 qualification=0000000000000000
[  617.966753] TSC Offset = 0xfffffeb2da0c91ea
[  617.972891] IDTVectoring: info=00000000 errcode=00000000
[  617.977371] EPT pointer = 0x00000001b94a501e
[  617.982710] TSC Offset = 0xfffffeb2dbd30a94
[  617.991892] EPT pointer = 0x00000001cbf5b01e
[  617.998715] *** Guest State ***
[  618.003425] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  618.013251] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  618.022840] CR3 = 0x0000000000000000
[  618.023238] *** Guest State ***
[  618.026668] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  618.029982] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  618.036092] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  618.047073] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  618.066419] CR3 = 0x0000000000000000
[  618.070278] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  618.070797] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  618.082796] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.091436] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.093554] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  618.102205] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  618.106078] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  618.114306] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.121640] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.128914] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.136966] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.144653] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.152377] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  618.161143] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  618.168651] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.176763] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  618.184476] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.192837] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  618.200521] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.208781] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.216516] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  618.224812] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  618.232684] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  618.239148] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  618.254812] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  618.254860] Interruptibility = 00000000  ActivityState = 00000000
[  618.263096] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.269368] *** Host State ***
[  618.280478] RIP = 0xffffffff81212aae  RSP = 0xffff8801c8b5f350
[  618.287193] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  618.293522] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  618.295500] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  618.313388] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  618.316145] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  618.320844] Interruptibility = 00000000  ActivityState = 00000000
[  618.320849] *** Host State ***
[  618.320861] RIP = 0xffffffff81212aae  RSP = 0xffff88017e84f350
[  618.320882] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  618.326853] CR0=0000000080050033 CR3=00000001bab1d000 CR4=00000000001426e0
[  618.344338] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  618.345419] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  618.351234] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  618.358489] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  618.373736] CR0=0000000080050033 CR3=00000001cdf0a000 CR4=00000000001426e0
[  618.379732] *** Control State ***
[  618.385807] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  618.393588] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  618.396583] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  618.404774] EntryControls=0000d1ff ExitControls=002fefff
[  618.412623] *** Control State ***
[  618.417500] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  618.421193] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  618.424679] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  618.424687] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  618.424695]         reason=80000021 qualification=0000000000000000
[  618.424701] IDTVectoring: info=00000000 errcode=00000000
22:03:21 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f0000000080)=""/160)
r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x80000)
shutdown(r3, 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000580)=<r4=>0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000600)=<r5=>0x0)
tgkill(r4, r5, 0x3a)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{}, 0x0, @in6=@remote}}, &(0x7f0000000400)=0xe8)
read$eventfd(r3, &(0x7f0000000640), 0x8)
fstat(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
write$P9_RGETATTR(r3, &(0x7f00000004c0)={0xa0, 0x19, 0x2, {0x200, {0x5, 0x1, 0x8}, 0x24, r6, r7, 0x1, 0x8000, 0xded5, 0x7fff, 0x20, 0x5, 0x5, 0x802, 0xb0, 0xb89, 0x1, 0x2, 0xffffffff, 0x546c, 0x3}}, 0xa0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:21 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f00000003c0))
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000040))
setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000440)=0x1, 0xfffffffffffffd70)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00')
sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="e8000000", @ANYRES16=r2, @ANYBLOB="200029bd7000fedbdf25060000000c000300080003000300000008000500030000004000030008000500000000000800030004000000080003000300000008000500e000000114000600fe8000000000000000000000000000aa0800040000000000080005007d1b000020000100080005000100000014000300008000000000000000000000000000001c00030008000800f2000000080008000000000008000400ff7f00003c000200080003000700000008000600eb1b000008000700040000000800030000000000080003000300000008000900380c00000800080008000000"], 0xe8}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f0000000340)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:21 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0x100000000000000)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  618.424707] TSC Offset = 0xfffffeb2da0c91ea
[  618.424715] EPT pointer = 0x00000001b94a501e
[  618.431949] EntryControls=0000d1ff ExitControls=002fefff
[  618.454595] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  618.488220] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  618.496550] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  618.504075]         reason=80000021 qualification=0000000000000000
[  618.510570] IDTVectoring: info=00000000 errcode=00000000
22:03:21 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socket$vsock_dgram(0x28, 0x2, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:21 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ptype\x00')
r1 = socket$kcm(0x29, 0x2, 0x0)
sendfile(r1, r0, &(0x7f0000301ff8), 0xffffffff)
write$binfmt_aout(r1, &(0x7f00000000c0), 0xfffffdef)

22:03:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  618.517203] TSC Offset = 0xfffffeb2dbd30a94
[  618.523148] EPT pointer = 0x00000001cbf5b01e
22:03:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xf0ffff, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:21 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0x4000000000000)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xfeffffff, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:21 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  618.652119] *** Guest State ***
[  618.655875] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  618.669241] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  618.679084] CR3 = 0x0000000000000000
[  618.684005] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  618.685481] *** Guest State ***
[  618.690128] RFLAGS=0x00000006         DR7 = 0x0000000000000400
22:03:21 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r2 = msgget(0x3, 0x300)
msgsnd(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000000000000927f0d902401e751e70b2ef7769391f198e335911f768220fa051d863e0ba543917602c38b98d5c04f7f015c4fed9cf441ae229cf8e2116f76207de5951d4fdbe1279ed5be415d8d68f9c66416f9556c3e8dbaa83530bc803b5e62e1bc40047c059c7419941b344eac82e15069b36dbf8a14c135b7e47c8baba23114861ea56bf1f7cbc92fc7e2649ef808798422e47d8c7003b3e872bfe95467ef86832f08e205a20d60737ae52bae84e605caaacc914479a04b4decc1c1c44640ea9d924e8ea9cee2dc958d5a0503380ab365b8ccbaac58594141459e272166eb917274d8ca767ddde85071c336cb5733ba0c3abe7d28eef163ee11b33b8deff8dba9d2fa7c53bef3d167223d5920c6891f4a4a1847ca61f8e1353dc9f7af4c6aca58910cc81b2d34dabfd6d0b391836f5a0487939b8abbf129e05d972c5ffd21517784dc31ec5c8f70a741f0b9ca85ed793abe868e377ad602f4c4069bfa3790f9"], 0xe4, 0x800)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f00000007c0)="9e927c00369d5828adc39ffbb1dabc9a0d327048bb742dabd9d895de326ff784a617f034b28e5e40f9bf9b52a350e52a707a8881baa48b7754fe5925cdd6a88f26d1fdbfc4ebc1e51825910a0453218de12e03d17652bdc8bcd688d44e511c3f9d3bbf92ccc6cb59ba0545b0faf17aff8cb121c8c7976d72d49af0ea7302acbde87506adac0eb7699fa6f0f77fd959", &(0x7f00000006c0)="2f38e21c08ab9a9f1a088d5b296a9dd72a84bc0783c20c2a6793be90d0640cf00096c382971db1104c4c6c295d7236a32028300eebddc73f49d59e45277c5b5a0c0a60c6dfb76b46b80bb405a35c931b007e1be42641a7e413804bb8d17dbedef360150c14f867a9fe6c3707b685718c4e3424bf0b47a431ab62a4753ceffedde6d676eefe8fae8007419084237cccc263ff2dbf3c76a331e00a055f44ebde92b163be2447f9fb16237bf28a56094166339be16a7aaae95fe46af9ae80f212c5da229c4248eda3f59d6dff2071d39bc23598765f38edb2f559412e72c0c6f4"}, 0xf)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  618.716717] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  618.738278] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  618.741269] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:21 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xffffca88, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  618.760967] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  618.764353] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.775804] CR3 = 0x0000000000000000
[  618.780912] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  618.795334] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.813712] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.819178] RSP = 0x0000000000000f80  RIP = 0x0000000000000035
[  618.823964] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.831215] RFLAGS=0x00000046         DR7 = 0x0000000000000400
[  618.848008] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  618.852262] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  618.867111] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.876051] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.887928] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  618.896282] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.908561] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.917156] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  618.930259] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  618.933238] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  618.945943] Interruptibility = 00000000  ActivityState = 00000000
[  618.948892] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.952373] *** Host State ***
[  618.960657] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.964052] RIP = 0xffffffff81212aae  RSP = 0xffff880180b37350
[  618.971979] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  618.977855] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  618.985974] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  618.992323] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  619.000704] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.008219] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  619.016347] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  619.022158] CR0=0000000080050033 CR3=00000001bab1d000 CR4=00000000001426e0
[  619.030304] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.037202] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  619.045300] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  619.051943] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  619.058612] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  619.064488] *** Control State ***
[  619.072588] Interruptibility = 00000000  ActivityState = 00000000
[  619.075460] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  619.081660] *** Host State ***
[  619.088384] EntryControls=0000d1ff ExitControls=002fefff
[  619.091611] RIP = 0xffffffff81212aae  RSP = 0xffff88017e84f350
[  619.097081] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  619.103157] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  619.110036] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  619.116624] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  619.123190] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  619.131537] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  619.138149]         reason=80000021 qualification=0000000000000000
[  619.144110] CR0=0000000080050033 CR3=00000001d2c70000 CR4=00000000001426f0
[  619.150379] IDTVectoring: info=00000000 errcode=00000000
[  619.157547] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  619.162952] TSC Offset = 0xfffffeb233cdd368
[  619.169682] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  619.174044] EPT pointer = 0x00000001bab3b01e
[  619.180104] *** Control State ***
[  619.187816] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  619.195350] EntryControls=0000d1ff ExitControls=002fefff
[  619.200889] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  619.207879] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  619.214588] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  619.221164]         reason=80000021 qualification=0000000000000000
[  619.227514] IDTVectoring: info=00000000 errcode=00000000
[  619.227887] *** Guest State ***
[  619.232992] TSC Offset = 0xfffffeb2335ca985
[  619.233002] EPT pointer = 0x00000001cd57c01e
[  619.245014] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  619.253894] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  619.262757] CR3 = 0x0000000000000000
[  619.266451] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  619.272447] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  619.278850] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  619.285543] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.293650] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.301646] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  619.309666] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.317680] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.325690] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.334067] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  619.342091] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.350065] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  619.358110] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.366127] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  619.372555] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  619.379997] Interruptibility = 00000000  ActivityState = 00000000
[  619.386767] *** Host State ***
[  619.389965] RIP = 0xffffffff81212aae  RSP = 0xffff880187e37350
[  619.395975] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  619.402436] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  619.410240] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  619.416180] CR0=0000000080050033 CR3=00000001bab1d000 CR4=00000000001426f0
[  619.423234] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  619.429902] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  619.435984] *** Control State ***
[  619.439440] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  619.446166] EntryControls=0000d1ff ExitControls=002fefff
[  619.451624] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  619.453636] *** Guest State ***
[  619.458583] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  619.462493] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  619.468943] VMExit: intr_info=00000000 errcode=00000000 ilen=00000001
[  619.477829] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  619.484222]         reason=80000021 qualification=0000000000000000
[  619.493222] CR3 = 0x0000000000000000
[  619.499410] IDTVectoring: info=00000000 errcode=00000000
[  619.508612] TSC Offset = 0xfffffeb233cdd368
[  619.513104] EPT pointer = 0x00000001bab3b01e
[  619.514343] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  619.524335] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  619.530642] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  619.542450] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.550505] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.559338] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  619.567734] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.575768] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.583775] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.591740] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  619.599768] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  619.607773] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  619.616020] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.624054] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  619.630454] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  619.637950] Interruptibility = 00000000  ActivityState = 00000000
[  619.644241] *** Host State ***
[  619.647474] RIP = 0xffffffff81212aae  RSP = 0xffff88017e84f350
[  619.653479] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  619.659887] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  619.667703] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  619.673605] CR0=0000000080050033 CR3=00000001d2c70000 CR4=00000000001426e0
[  619.680611] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  619.687312] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  619.694247] *** Control State ***
[  619.697683] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  619.704462] EntryControls=0000d1ff ExitControls=002fefff
[  619.709909] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
22:03:22 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KDENABIO(r0, 0x4b36)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:22 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000200)='/dev/urandom\x00', 0x14a80, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x800000000000fc6)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={<r4=>0x0}, &(0x7f0000000100)=0xc)
write$cgroup_pid(r0, &(0x7f00000001c0)=r4, 0x12)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xffffffffffffffff, 0x4080)

22:03:22 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:22 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0xfeffffff)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:22 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000400)='/dev/null\x00', 0x0, 0x0)
ioctl$KDSETMODE(r3, 0x4b3a, 0x401)
r4 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xdd7, 0x101001)
mkdirat$cgroup(r4, &(0x7f0000000080)='syz0\x00', 0x1ff)
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000100)=<r6=>0x0)
perf_event_open(&(0x7f0000000200)={0x3, 0x70, 0x1f, 0xa17, 0xdc5c, 0x4, 0x0, 0x0, 0x20000, 0x4, 0xa1f, 0x1, 0x3d780000000000, 0x7, 0x8001, 0x0, 0xec8, 0x100000000, 0x3f, 0x9, 0x6, 0x7, 0x1, 0x1, 0xf9d1, 0x5, 0xc00000000000, 0xc3, 0x8, 0x149, 0x100000000, 0x0, 0x3, 0x1, 0xb3, 0x4, 0x5, 0x3, 0x0, 0x1, 0x2, @perf_bp={&(0x7f00000000c0), 0x2}, 0x800, 0x7, 0x0, 0x5, 0x100, 0x20, 0x9}, r6, 0x4, 0xffffffffffffff9c, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  619.716848] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  619.723536] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  619.730095]         reason=80000021 qualification=0000000000000000
[  619.736426] IDTVectoring: info=00000000 errcode=00000000
[  619.741869] TSC Offset = 0xfffffeb2335ca985
[  619.746205] EPT pointer = 0x00000001cd57c01e
22:03:22 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x89060000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  619.811610] *** Guest State ***
[  619.814651] *** Guest State ***
[  619.815105] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  619.818301] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  619.827285] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  619.845274] CR3 = 0x0000000000000000
[  619.860957] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  619.872274] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  619.875253] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  619.891885] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  619.897669] CR3 = 0x0000000000000000
[  619.899296] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:22 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x88470000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  619.904812] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  619.910444] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.929159] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  619.929653] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  619.942361] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.948814] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:22 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:22 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x800e, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  619.962423] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.970592] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.978687] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.983496] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  619.999352] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  620.008077] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.020741] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.032199] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.043772] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.052223] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:22 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xb00, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  620.054966] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.087497] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.097791] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.102733] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.111513] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  620.125000] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  620.135941] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.139520] Interruptibility = 00000000  ActivityState = 00000000
[  620.144749] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.151189] *** Host State ***
[  620.161816] RIP = 0xffffffff81212aae  RSP = 0xffff880187e37350
[  620.162435] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  620.168140] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  620.175236] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  620.181073] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  620.188846] Interruptibility = 00000000  ActivityState = 00000000
[  620.196471] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  620.202895] *** Host State ***
[  620.208645] CR0=0000000080050033 CR3=00000001ce25c000 CR4=00000000001426e0
[  620.211784] RIP = 0xffffffff81212aae  RSP = 0xffff880182dc7350
[  620.219806] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  620.226121] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  620.232547] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  620.238965] FSBase=00007f3d3330a700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  620.245046] *** Control State ***
[  620.253658] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  620.256380] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  620.262572] CR0=0000000080050033 CR3=00000001cdffe000 CR4=00000000001426f0
[  620.269031] EntryControls=0000d1ff ExitControls=002fefff
[  620.276417] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  620.281556] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  620.288960] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  620.295267] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  620.301577] *** Control State ***
[  620.308057] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  620.311902] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  620.318153]         reason=80000021 qualification=0000000000000000
[  620.325222] EntryControls=0000d1ff ExitControls=002fefff
[  620.331231] IDTVectoring: info=00000000 errcode=00000000
[  620.337012] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  620.342236] TSC Offset = 0xfffffeb19146ca23
[  620.349413] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  620.353542] EPT pointer = 0x00000001cc93701e
[  620.360702] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  620.375345] *** Guest State ***
[  620.375453]         reason=80000021 qualification=0000000000000000
[  620.378817] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  620.385306] IDTVectoring: info=00000000 errcode=00000000
[  620.394044] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  620.399711] TSC Offset = 0xfffffeb191f887e4
[  620.408391] CR3 = 0x0000000000000000
[  620.413265] EPT pointer = 0x00000001c811201e
[  620.416485] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  620.429285] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  620.435436] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  620.442163] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.450135] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.458161] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  620.466583] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.474623] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.482402] *** Guest State ***
[  620.484268] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.487274] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  620.494731] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.494750] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.494764] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.504611] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  620.512654] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.520836] CR3 = 0x0000000000000000
[  620.528186] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  620.528198] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  620.528208] Interruptibility = 00000000  ActivityState = 00000000
[  620.528218] *** Host State ***
[  620.537646] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  620.545121] RIP = 0xffffffff81212aae  RSP = 0xffff880180047350
[  620.545149] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  620.549554] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  620.555286] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  620.555298] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  620.555311] CR0=0000000080050033 CR3=00000001ce25c000 CR4=00000000001426e0
[  620.555326] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  620.555340] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  620.563699] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x2000, 0x0)
ioctl$EVIOCGKEY(r2, 0x80404518, &(0x7f0000000080)=""/29)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, r2, 0x1})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x400000000000, 0x2, 0x0, 0x1000, &(0x7f0000002000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000180)={0x10000, 0x0, [0xdc7, 0x5, 0x4, 0xffffffff00000001, 0x1f, 0x81, 0x6d7, 0x9]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  620.569306] *** Control State ***
[  620.569315] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  620.569322] EntryControls=0000d1ff ExitControls=002fefff
[  620.569336] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  620.569344] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  620.569352] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  620.569359]         reason=80000021 qualification=0000000000000000
[  620.569371] IDTVectoring: info=00000000 errcode=00000000
22:03:23 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
getpeername$unix(r1, &(0x7f00000001c0)=@abs, &(0x7f0000000100)=0x6e)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

22:03:23 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:23 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  620.573326] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.579018] TSC Offset = 0xfffffeb14396d298
[  620.585362] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.591710] EPT pointer = 0x00000001cd5b001e
[  620.598020] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  620.619978] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.632948] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.687136] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.739774] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.759959] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.774818] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  620.780183] Unknown ioctl -2143271656
[  620.786378] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  620.795734] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  620.798034] Unknown ioctl -2143271656
[  620.803004] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  620.814881] Interruptibility = 00000000  ActivityState = 00000000
[  620.821192] *** Host State ***
[  620.824939] RIP = 0xffffffff81212aae  RSP = 0xffff88017d38f350
[  620.831040] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  620.839461] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  620.850244] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  620.858544] CR0=0000000080050033 CR3=00000001cdffe000 CR4=00000000001426f0
[  620.868077] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  620.876057] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  620.882147] *** Control State ***
[  620.885597] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  620.892305] EntryControls=0000d1ff ExitControls=002fefff
[  620.897753] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  620.904699] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  620.911376] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  620.917978]         reason=80000021 qualification=0000000000000000
[  620.924334] IDTVectoring: info=00000000 errcode=00000000
[  620.929767] TSC Offset = 0xfffffeb191f887e4
[  620.934573] EPT pointer = 0x00000001c811201e
22:03:25 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0xe000000)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:25 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:25 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x800000002000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

22:03:25 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0))
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400201)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:25 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000100)="4ac2e909d8d8596ecf7809076039fbf02fadf8cca32cd677", &(0x7f00000001c0)="5cf0d3", 0x3}, 0x164a)
clock_gettime(0x0, &(0x7f0000000040)={<r2=>0x0, <r3=>0x0})
recvmmsg(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000280)=""/255, 0xff}, {&(0x7f0000000840)=""/226, 0xe2}, {&(0x7f0000000480)=""/65, 0x41}], 0x3, &(0x7f0000000540)=""/179, 0xb3, 0x3}}], 0x0, 0x40000020, &(0x7f0000001540)={r2, r3+10000000})

22:03:25 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x43050000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  622.877217] *** Guest State ***
[  622.883749] *** Guest State ***
[  622.886198] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  622.895297] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:03:25 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080), 0x1, 0x0, &(0x7f0000001540)={0x77359400})

22:03:25 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xf000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  622.927129] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  622.941965] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  622.942614] CR3 = 0x0000000000000000
[  622.962526] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:25 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:25 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  622.983718] CR3 = 0x0000000000000000
[  622.984577] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  622.999797] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
22:03:25 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0xe)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  623.032267] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  623.040036] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  623.043826] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.053234] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  623.065750] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:25 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x4888, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:26 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x201, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080), &(0x7f0000000140)}, 0x20)
recvmmsg(r0, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  623.078125] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.078663] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.093340] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  623.094495] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  623.122599] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.128410] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.136865] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.157457] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.161637] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.170622] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.195163] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.199418] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.210527] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.220887] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.226005] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.230047] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.239401] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.253732] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  623.254002] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.262329] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  623.276117] Interruptibility = 00000000  ActivityState = 00000000
[  623.281005] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  623.289197] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  623.289785] *** Host State ***
[  623.296990] Interruptibility = 00000000  ActivityState = 00000000
[  623.303321] RIP = 0xffffffff81212aae  RSP = 0xffff8801870d7350
[  623.309137] *** Host State ***
[  623.317363] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  623.320931] RIP = 0xffffffff81212aae  RSP = 0xffff880186c2f350
[  623.335714] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  623.337488] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  623.342438] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  623.359089] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  623.359227] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  623.365272] CR0=0000000080050033 CR3=00000001bf825000 CR4=00000000001426e0
[  623.371443] CR0=0000000080050033 CR3=00000001c2d89000 CR4=00000000001426f0
[  623.379992] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  623.390861] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  623.392272] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  623.398964] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  623.404861] *** Control State ***
[  623.410912] *** Control State ***
[  623.414378] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  623.418401] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  623.424562] EntryControls=0000d1ff ExitControls=002fefff
[  623.431240] EntryControls=0000d1ff ExitControls=002fefff
[  623.436783] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  623.442959] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  623.449281] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  623.456795] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  623.463291] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  623.469994] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  623.476629]         reason=80000021 qualification=0000000000000000
[  623.483968]         reason=80000021 qualification=0000000000000000
[  623.489572] IDTVectoring: info=00000000 errcode=00000000
[  623.496264] IDTVectoring: info=00000000 errcode=00000000
[  623.501339] TSC Offset = 0xfffffeafedf7e693
[  623.507110] TSC Offset = 0xfffffeafebc42673
[  623.511225] EPT pointer = 0x00000001d5a4501e
[  623.516172] EPT pointer = 0x00000001c205601e
[  623.562266] *** Guest State ***
[  623.562269] *** Guest State ***
[  623.562290] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  623.565622] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  623.568936] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  623.577840] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  623.596116] CR3 = 0x0000000000000000
[  623.608624] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  623.615328] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  623.619661] CR3 = 0x0000000000000000
[  623.621639] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  623.626067] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  623.638143] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  623.638262] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.644702] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  623.652471] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.658977] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.667161] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  623.675934] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.684295] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.691076] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  623.699049] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.699067] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.699079] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  623.699096] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  623.707648] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.715177] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.724361] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.731186] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.739433] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.747684] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  623.755991] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.763698] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  623.771791] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.779721] Interruptibility = 00000000  ActivityState = 00000000
[  623.787228] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  623.794154] *** Host State ***
[  623.801723] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  623.809646] RIP = 0xffffffff81212aae  RSP = 0xffff880186567350
[  623.816591] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  623.823894] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  623.827451] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  623.835205] FSBase=00007f0848b08700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  623.841245] Interruptibility = 00000000  ActivityState = 00000000
[  623.847610] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  623.854133] *** Host State ***
[  623.861515] CR0=0000000080050033 CR3=00000001c2d89000 CR4=00000000001426e0
[  623.869473] RIP = 0xffffffff81212aae  RSP = 0xffff8801c537f350
[  623.875633] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  623.881613] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  623.884720] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  623.891812] FSBase=00007f3d332e9700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  623.897755] *** Control State ***
[  623.904556] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  623.910889] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  623.917458] CR0=0000000080050033 CR3=00000001bf825000 CR4=00000000001426f0
[  623.924799] EntryControls=0000d1ff ExitControls=002fefff
[  623.928341] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  623.934186] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  623.940908] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  623.947894] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  623.953565] *** Control State ***
[  623.960070] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  623.967163] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  623.973094]         reason=80000021 qualification=0000000000000000
[  623.979913] EntryControls=0000d1ff ExitControls=002fefff
[  623.983275] IDTVectoring: info=00000000 errcode=00000000
22:03:26 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:26 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:26 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffff000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:26 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0x3}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r2, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080))
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000100))

22:03:26 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0xfffffffe)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:26 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x6, 0x408840)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000200)={0x100000001, 0x0, {0x2, 0x0, 0x6, 0x0, 0x96}})
openat(r3, &(0x7f0000000100)='./file0\x00', 0x80000, 0x8)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x10001, 0x200000)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r5, 0x40045730, &(0x7f0000000080)=0x1f)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  623.989932] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  623.996551] TSC Offset = 0xfffffeafebc42673
[  624.003017] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  624.003036] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  624.003045]         reason=80000021 qualification=0000000000000000
[  624.003051] IDTVectoring: info=00000000 errcode=00000000
[  624.003057] TSC Offset = 0xfffffeafedf7e693
[  624.003066] EPT pointer = 0x00000001d5a4501e
[  624.026408] EPT pointer = 0x00000001c205601e
22:03:26 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8100000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r1, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  624.131278] *** Guest State ***
[  624.135063] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  624.152087] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  624.162675] CR3 = 0x0000000000000000
[  624.167310] *** Guest State ***
[  624.170607] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
22:03:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8906000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:27 executing program 1:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, r2, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4800}, 0x0)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x12, 0x100000001, 0x4, 0xc4}, 0xa)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000000), &(0x7f0000000140)}, 0x20)
recvmmsg(r1, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000013c0), 0x0, &(0x7f0000001440)=""/179, 0xb3}}], 0x1, 0x0, &(0x7f0000001540)={0x77359400})

[  624.186636] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  624.197321] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  624.207803] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  624.216511] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.224887] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  624.234151] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.245115] CR3 = 0x0000000000000000
[  624.249278] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  624.257306] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  624.257318] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  624.257335] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  624.257349] CS:   sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000
22:03:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  624.257370] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  624.291215] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.300428] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.315530] SS:   sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000
[  624.332195] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.339650] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  624.350084] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  624.357837] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  624.371535] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.378415] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  624.380015] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  624.388206] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  624.407713] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.420323] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  624.427317] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  624.427749] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  624.442578] Interruptibility = 00000000  ActivityState = 00000000
[  624.449441] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  624.449893] *** Host State ***
[  624.461251] RIP = 0xffffffff81212aae  RSP = 0xffff880186567350
[  624.466955] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  624.467713] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  624.475413] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  624.482104] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  624.489213] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  624.496930] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  624.503935] Interruptibility = 00000000  ActivityState = 00000000
[  624.509984] CR0=0000000080050033 CR3=00000001c4991000 CR4=00000000001426e0
[  624.516083] *** Host State ***
[  624.523181] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  624.526110] RIP = 0xffffffff81212aae  RSP = 0xffff880180b37350
[  624.533050] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  624.538891] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  624.545219] *** Control State ***
[  624.551420] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  624.555185] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  624.562784] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  624.569749] EntryControls=0000d1ff ExitControls=002fefff
[  624.575468] CR0=0000000080050033 CR3=00000001c032f000 CR4=00000000001426e0
[  624.581671] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  624.588061] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  624.595264] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  624.601662] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  624.608710] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  624.614584] *** Control State ***
[  624.621510]         reason=80000021 qualification=0000000000000000
[  624.624962] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  624.631068] IDTVectoring: info=00000000 errcode=00000000
[  624.638142] EntryControls=0000d1ff ExitControls=002fefff
[  624.643421] TSC Offset = 0xfffffeaf40cad289
[  624.649269] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  624.653223] EPT pointer = 0x00000001c316301e
[  624.660211] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  624.674195] *** Guest State ***
[  624.674904] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  624.677647] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  624.684129]         reason=80000021 qualification=0000000000000000
[  624.684135] IDTVectoring: info=00000000 errcode=00000000
[  624.684141] TSC Offset = 0xfffffeaf4226b290
[  624.684152] EPT pointer = 0x00000001c8e2a01e
[  624.693198] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  624.722899] CR3 = 0x0000000000000000
[  624.726611] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  624.726623] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  624.726638] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  624.726655] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.738731] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.754926] *** Guest State ***
[  624.762099] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  624.765344] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  624.773399] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.783190] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  624.790307] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.799440] CR3 = 0x0000000000000000
[  624.807171] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.811191] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  624.818992] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  624.825247] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  624.832953] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  624.839176] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  624.846975] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  624.853946] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.862055] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.870041] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.877685] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  624.886171] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  624.892120] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  624.892131] Interruptibility = 00000000  ActivityState = 00000000
[  624.892135] *** Host State ***
[  624.892153] RIP = 0xffffffff81212aae  RSP = 0xffff880186567350
[  624.907609] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  624.914815] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.917036] FSBase=00007f0848b29700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  624.917049] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  624.917063] CR0=0000000080050033 CR3=00000001c4991000 CR4=00000000001426f0
[  624.917078] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  624.929607] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  624.937919] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.945324] *** Control State ***
[  624.945335] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  624.945342] EntryControls=0000d1ff ExitControls=002fefff
[  624.945357] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  624.945370] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  624.951640] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.958558] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  624.970311] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  624.971305]         reason=80000021 qualification=0000000000000000
22:03:27 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r4=>0xffffffffffffffff}, 0x111, 0x6}}, 0x28)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000100)={0x5, 0x10, 0xfa00, {&(0x7f0000000400), r4, 0x2}}, 0x18)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

22:03:27 executing program 1:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r1, 0x400000008912, &(0x7f0000000040)="153f6234488dd25d766070")
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x44, 0x0, &(0x7f0000000100)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x200000c8, &(0x7f0000000080)=[@fda], &(0x7f00000000c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000180)})

22:03:27 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:27 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x80350000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  624.979630] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  624.982781] IDTVectoring: info=00000000 errcode=00000000
[  624.989602] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  624.995290] TSC Offset = 0xfffffeaf40cad289
[  625.002093] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.008563] EPT pointer = 0x00000001c316301e
[  625.016738] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  625.031340] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  625.047090] Interruptibility = 00000000  ActivityState = 00000000
[  625.102676] *** Host State ***
[  625.105551] binder: 22694:22697 transaction failed 29189/-22, size 32-536871112 line 2855
[  625.105893] RIP = 0xffffffff81212aae  RSP = 0xffff88018088f350
[  625.136883] binder: undelivered TRANSACTION_ERROR: 29189
[  625.143276] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  625.151309] FSBase=00007f3d332c8700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000
[  625.165166] *** Guest State ***
[  625.168465] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  625.170566] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  625.183753] CR0=0000000080050033 CR3=00000001c032f000 CR4=00000000001426e0
[  625.188856] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  625.196273] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  625.201911] CR3 = 0x0000000000000000
[  625.206814] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  625.213266] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  625.216634] *** Control State ***
[  625.222711] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  625.225998] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  625.231741] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  625.238725] EntryControls=0000d1ff ExitControls=002fefff
[  625.245297] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.250856] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  625.258858] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.266253] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  625.273830] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  625.280525] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  625.288491] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.295167]         reason=80000021 qualification=0000000000000000
[  625.303102] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.309533] IDTVectoring: info=00000000 errcode=00000000
[  625.317455] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.323019] TSC Offset = 0xfffffeaf4226b290
[  625.331008] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  625.335422] EPT pointer = 0x00000001c8e2a01e
[  625.343378] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.355801] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  625.364002] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  625.375672] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  625.386897] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  625.395484] Interruptibility = 00000000  ActivityState = 00000000
[  625.401810] *** Host State ***
[  625.405140] RIP = 0xffffffff81212aae  RSP = 0xffff8801884b7350
[  625.411206] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  625.417769] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  625.425634] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  625.431521] CR0=0000000080050033 CR3=00000001cd3a9000 CR4=00000000001426e0
[  625.438670] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  625.445387] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  625.451442] *** Control State ***
[  625.454943] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  625.461657] EntryControls=0000d1ff ExitControls=002fefff
[  625.467218] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  625.474178] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  625.481098] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  625.487755]         reason=80000021 qualification=0000000000000000
[  625.494125] IDTVectoring: info=00000000 errcode=00000000
[  625.499566] TSC Offset = 0xfffffeaeb70020c0
[  625.503918] EPT pointer = 0x00000001b979801e
22:03:30 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0x800000000000000)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

22:03:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:30 executing program 5:
r0 = socket$inet6(0xa, 0x1000000000002, 0x0)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:30 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x101000)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000180)={'veth1_to_bridge\x00', @local})
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
sigaltstack(&(0x7f0000ffd000/0x2000)=nil, &(0x7f00000001c0))
read$FUSE(r0, &(0x7f0000001000), 0x1000)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1b, 0x0, 0x60000}}, 0x50)
read$FUSE(r0, &(0x7f0000002000), 0x1000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x0)
read$FUSE(r0, &(0x7f00000030c0), 0x1000)
write$FUSE_INTERRUPT(r0, &(0x7f0000000040)={0x10, 0xfffffffffffffffe, 0x2}, 0x10)
write$FUSE_ENTRY(r0, &(0x7f0000000240)={0x90, 0x0, 0x3, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}}, 0x90)

22:03:30 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@ipv4={[], [], @dev}, @in=@remote}}, {{@in=@rand_addr}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000000080)=0xe8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x2000080000000001, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:30 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:30 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8847000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  627.172991] *** Guest State ***
[  627.191117] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  627.202598] *** Guest State ***
[  627.211844] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:03:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x543, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  627.223748] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  627.233419] CR3 = 0x0000000000000000
[  627.237670] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  627.242712] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  627.244304] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  627.255359] CR3 = 0x0000000000000000
[  627.259057] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
22:03:30 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  627.269674] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.278470] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.287052] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  627.295692] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.300002] RSP = 0x0000000000000f7e  RIP = 0x0000000000000007
[  627.314269] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.331568] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.341967] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  627.344590] RFLAGS=0x00010006         DR7 = 0x0000000000000400
[  627.358833] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.371417] IDTR:                           limit=0x00000000, base=0x0000000000000000
22:03:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:30 executing program 1:
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, "0000000000001d00", 0x40000000000004}, 0x18)
ioctl(r0, 0x8916, &(0x7f0000000000))
ioctl(r0, 0x8936, &(0x7f0000000000))

22:03:30 executing program 2:
r0 = socket(0x11, 0x80003, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000200)=0x5)
setuid(r1)
r2 = gettid()
socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f)
fcntl$setsig(r3, 0xa, 0x12)
fcntl$setownex(r3, 0xf, &(0x7f00000ff000)={0x0, r2})
recvmsg(r4, &(0x7f0000172fc8)={&(0x7f0000b3aff8)=@sco, 0x8, &(0x7f00000a4fb0), 0x0, &(0x7f0000b36000)}, 0x8000000000000000)
dup2(r3, r4)
r5 = gettid()
tkill(r5, 0x16)

[  627.379911] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.392814] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  627.400877] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  627.413487] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.423531] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
22:03:30 executing program 5:
socket$inet6(0xa, 0x1000000000002, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

22:03:30 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xf0ffffffffffff, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  627.424957] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  627.449853] Interruptibility = 00000000  ActivityState = 00000000
[  627.457003] *** Host State ***
[  627.460373] RIP = 0xffffffff81212aae  RSP = 0xffff88017f347350
[  627.468790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  627.477810] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  627.485476] FSBase=00007f0848b29700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  627.494306] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  627.506173] CR0=0000000080050033 CR3=00000001c80e7000 CR4=00000000001426e0
[  627.520309] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
22:03:30 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000015c0)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000012c0)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10)

[  627.526500] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.529567] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  627.541527] *** Control State ***
[  627.552757] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  627.561905] EntryControls=0000d1ff ExitControls=002fefff
[  627.568941] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.570390] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  627.584502] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  627.591351] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005
[  627.614774]         reason=80000021 qualification=0000000000000000
[  627.625606] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.634798] IDTVectoring: info=00000000 errcode=00000000
[  627.640407] TSC Offset = 0xfffffead9ffdfad3
[  627.645265] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  627.645597] EPT pointer = 0x00000001d201701e
[  627.653355] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.667806] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  627.675842] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.684104] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  627.690524] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  627.698236] *** Guest State ***
[  627.701543] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  627.701637] Interruptibility = 00000000  ActivityState = 00000000
[  627.710454] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  627.710461] CR3 = 0x0000000000000000
[  627.710469] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  627.710479] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  627.710494] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  627.710506] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.710526] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.710546] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  627.710563] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.710583] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.717672] *** Host State ***
[  627.730237] RIP = 0xffffffff81212aae  RSP = 0xffff880172a57350
[  627.742317] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  627.748658] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.756748] FSBase=00007f3d3330a700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  627.765295] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  627.777930] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  627.781620] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  627.788940] CR0=0000000080050033 CR3=00000001cdc4c000 CR4=00000000001426e0
[  627.792416] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  627.798167] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  627.804913] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  627.813058] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  627.820797] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  627.828730] *** Control State ***
[  627.834901] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  627.842659] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  627.849969] Interruptibility = 00000000  ActivityState = 00000000
[  627.857689] EntryControls=0000d1ff ExitControls=002fefff
[  627.864646] *** Host State ***
[  627.872399] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  627.878718] RIP = 0xffffffff81212aae  RSP = 0xffff8801bac5f350
[  627.884932] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000
[  627.888739] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  627.895875] VMExit: intr_info=00000000 errcode=00000000 ilen=00000004
[  627.902825] FSBase=00007f0848b08700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000
[  627.908801]         reason=80000021 qualification=0000000000000000
[  627.914929] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  627.917500] IDTVectoring: info=00000000 errcode=00000000
[  627.924736] CR0=0000000080050033 CR3=00000001c80e7000 CR4=00000000001426f0
[  627.930457] TSC Offset = 0xfffffead9faed968
[  627.937620] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87c013a0
[  627.943646] EPT pointer = 0x00000001c91e701e
[  627.952295] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  627.964717] *** Control State ***
[  627.976276] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  628.014756] EntryControls=0000d1ff ExitControls=002fefff
[  628.020299] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  628.027296] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[  628.034012] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
[  628.040873]         reason=80000021 qualification=0000000000000000
[  628.047350] IDTVectoring: info=00000000 errcode=00000000
[  628.053014] *** Guest State ***
[  628.056313] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  628.065371] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  628.065519] TSC Offset = 0xfffffead9ffdfad3
[  628.074280] CR3 = 0x0000000000000000
[  628.074293] RSP = 0x0000000000000f80  RIP = 0x0000000000000000
[  628.079084] EPT pointer = 0x00000001d201701e
[  628.082457] RFLAGS=0x00000002         DR7 = 0x0000000000000400
[  628.092961] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  628.105741] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.113860] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.121919] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  628.130056] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.138155] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.146228] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.154283] GDTR:                           limit=0x000007ff, base=0x0000000000001000
[  628.162361] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800
[  628.170332] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  628.178361] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.186357] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  628.192809] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  628.200260] Interruptibility = 00000000  ActivityState = 00000000
[  628.206510] *** Host State ***
[  628.209702] RIP = 0xffffffff81212aae  RSP = 0xffff880186c2f350
[  628.215721] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  628.222161] FSBase=00007f3d332e9700 GSBase=ffff8801daf00000 TRBase=fffffe0000034000
[  628.229953] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
[  628.235863] CR0=0000000080050033 CR3=00000001cdc4c000 CR4=00000000001426e0
[  628.242920] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0
[  628.249606] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  628.255704] *** Control State ***
[  628.259153] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca
[  628.265835] EntryControls=0000d1ff ExitControls=002fefff
[  628.271284] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
[  628.278234] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000
22:03:31 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = open(&(0x7f00000001c0)='./file0\x00', 0x200, 0x8)
ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000580))
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x800, 0x0)
lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0})
getresuid(&(0x7f0000000400), &(0x7f0000000440)=<r8=>0x0, &(0x7f0000000480)=<r9=>0x0)
ioctl$int_out(r1, 0x5460, &(0x7f0000000540))
write$P9_RSTATu(r4, &(0x7f00000004c0)=ANY=[@ANYBLOB="770000007d0200000061000900040000004000000000060000000000000000000184f9ffffff070000000600000000000000130029776c616e316b657972696e67766d6e65743009002f64002f6465762f6b766d0009002f6465762f6b766d0001003a", @ANYRES32=r5, @ANYRES32=r7, @ANYRES32=r9], 0x77)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000600))
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0xfffffffffffff001)
r10 = semget$private(0x0, 0x3, 0x120)
semctl$IPC_SET(r10, 0x0, 0x1, &(0x7f0000000640)={{0x0, r6, r7, r8, r7, 0x80, 0x9}, 0xffffffffffffffaf, 0x6, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000400))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
mmap(&(0x7f0000012000/0x2000)=nil, 0x2000, 0x1000003, 0x30, r2, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

22:03:31 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0xb000000, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

22:03:31 executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="0affefff7f000000001e6ea64aa8e1c9", 0x10)
r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x0)
sendmmsg$unix(r1, &(0x7f0000000a40)=[{&(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000003c0), 0x300, &(0x7f0000000400)}], 0x1, 0x0)

22:03:31 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  628.284924] VMExit: intr_info=00000000 errcode=00000000 ilen=00000004
[  628.291487]         reason=80000021 qualification=0000000000000000
[  628.297831] IDTVectoring: info=00000000 errcode=00000000
[  628.303309] TSC Offset = 0xfffffead9faed968
[  628.307614] EPT pointer = 0x00000001c91e701e
22:03:31 executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00'}, 0x45c)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)

22:03:31 executing program 3:
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x5, 0x4, 0x0, 0x0, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x8035, 0x0, 0x0, 0x4001, 0x0, @local, @dev, {[@timestamp={0x8, 0x2c, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {}]}]}}}}}}}, &(0x7f0000000000))

[  628.376437] *** Guest State ***
[  628.380452] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
[  628.398357] *** Guest State ***
[  628.411705] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7
22:03:31 executing program 5:
ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000400)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14}, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f0000005500)=[{{&(0x7f0000000040)=@pppol2tpv3, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000200)=""/6, 0x6}}], 0x1, 0x0, &(0x7f0000005740)={0x77359400})
sendmsg$nl_generic(r0, &(0x7f0000000000)={&(0x7f0000000180), 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x14, 0x28, 0xafd, 0x0, 0x0, {0x12, 0x0, 0x2}}, 0x14}}, 0x0)

[  628.415054] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  628.436489] WARNING: CPU: 1 PID: 22784 at mm/slab_common.c:1031 kmalloc_slab+0x56/0x70
[  628.441662] CR3 = 0x0000000000000000
[  628.444559] Kernel panic - not syncing: panic_on_warn set ...
[  628.444559] 
[  628.444578] CPU: 1 PID: 22784 Comm: syz-executor1 Not tainted 4.19.0-rc6+ #269
[  628.444587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  628.444592] Call Trace:
[  628.444626]  dump_stack+0x1c4/0x2b4
[  628.444646]  ? dump_stack_print_info.cold.2+0x52/0x52
[  628.444666]  panic+0x238/0x4e7
[  628.444680]  ? add_taint.cold.5+0x16/0x16
[  628.444699]  ? __warn.cold.8+0x148/0x1ba
[  628.444716]  ? kmalloc_slab+0x56/0x70
[  628.444729]  __warn.cold.8+0x163/0x1ba
[  628.444744]  ? kmalloc_slab+0x56/0x70
[  628.444760]  report_bug+0x254/0x2d0
[  628.444782]  do_error_trap+0x1fc/0x4d0
[  628.453456] RSP = 0x0000000000000f80  RIP = 0x0000000000000005
[  628.455871]  ? math_error+0x3f0/0x3f0
[  628.455890]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  628.455911]  ? trace_hardirqs_on_caller+0x310/0x310
[  628.463816] RFLAGS=0x00000006         DR7 = 0x0000000000000400
[  628.472624]  ? kasan_slab_free+0xe/0x10
[  628.472645]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  628.472663]  do_invalid_op+0x1b/0x20
[  628.472682]  invalid_op+0x14/0x20
[  628.475672] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  628.478869] RIP: 0010:kmalloc_slab+0x56/0x70
[  628.478885] Code: c5 60 ab 00 89 5d c3 48 85 ff b8 10 00 00 00 74 f4 83 ef 01 c1 ef 03 0f b6 87 80 aa 00 89 eb d8 31 c0 81 e6 00 02 00 00 75 db <0f> 0b 5d c3 48 8b 04 c5 a0 aa 00 89 5d c3 66 90 66 2e 0f 1f 84 00
[  628.478898] RSP: 0018:ffff8801bf28f978 EFLAGS: 00010246
[  628.484492] CS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.487255] RAX: 0000000000000000 RBX: 00000000fffffff9 RCX: ffffc90003e8c000
[  628.487264] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000003ffffffe60
[  628.487273] RBP: ffff8801bf28f978 R08: ffff8801c9074700 R09: ffffed00378ee891
[  628.487282] R10: ffff8801bf28fa48 R11: ffff8801bc77448f R12: 0000000000000000
[  628.487290] R13: 0000000000000000 R14: ffff8801d313f180 R15: 00000000006080c0
[  628.487318]  __kmalloc+0x25/0x760
[  628.494927] DS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.495518]  ? input_mt_init_slots+0xe5/0x4a0
[  628.505827] SS:   sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000
[  628.506984]  input_mt_init_slots+0xe5/0x4a0
[  628.507003]  uinput_ioctl_handler.isra.10+0x2049/0x2540
[  628.507020]  ? uinput_request_submit.part.9+0x2d0/0x2d0
[  628.512449] ES:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.514531]  ? __fget+0x4d1/0x740
[  628.514550]  ? ksys_dup3+0x680/0x680
[  628.514570]  ? __might_fault+0x12b/0x1e0
[  628.520650] FS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.524324]  ? lock_downgrade+0x900/0x900
[  628.524342]  uinput_ioctl+0x4c/0x60
[  628.524357]  ? uinput_compat_ioctl+0x90/0x90
[  628.524371]  do_vfs_ioctl+0x1de/0x1720
[  628.524389]  ? ioctl_preallocate+0x300/0x300
[  628.535190] GS:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.540190]  ? __fget_light+0x2e9/0x430
[  628.540205]  ? fget_raw+0x20/0x20
[  628.540220]  ? _copy_to_user+0xc8/0x110
[  628.540240]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  628.544759] GDTR:                           limit=0x00000000, base=0x0000000000000000
[  628.549049]  ? put_timespec64+0x10f/0x1b0
[  628.549064]  ? nsecs_to_jiffies+0x30/0x30
[  628.549086]  ? security_file_ioctl+0x94/0xc0
[  628.553309] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.556234]  ksys_ioctl+0xa9/0xd0
[  628.556251]  __x64_sys_ioctl+0x73/0xb0
[  628.556272]  do_syscall_64+0x1b9/0x820
[  628.563316] IDTR:                           limit=0x00000000, base=0x0000000000000000
[  628.567325]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  628.567345]  ? syscall_return_slowpath+0x5e0/0x5e0
[  628.567365]  ? trace_hardirqs_on_caller+0x310/0x310
[  628.586776] TR:   sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000
[  628.591640]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  628.591661]  ? recalc_sigpending_tsk+0x180/0x180
[  628.600069] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  628.606890]  ? kasan_check_write+0x14/0x20
[  628.606911]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  628.606932]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  628.606948] RIP: 0033:0x457579
[  628.615053] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  628.621879] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  628.621888] RSP: 002b:00007f8ec058fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  628.621903] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457579
[  628.621917] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  628.629570] Interruptibility = 00000000  ActivityState = 00000000
[  628.636434] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  628.636443] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ec05906d4
[  628.636452] R13: 00000000004c1284 R14: 00000000004d1e78 R15: 00000000ffffffff
[  628.637453] Kernel Offset: disabled
[  628.932867] Rebooting in 86400 seconds..