0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0x0, @reserved}, 0x10) [ 511.567231] CR0=0000000080050033 CR3=00000001d37be000 CR4=00000000001426e0 [ 511.578380] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 511.591804] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 511.598240] *** Control State *** 05:58:34 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus\x00', r1, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000140)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 511.612647] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2 [ 511.628335] EntryControls=0000d1ff ExitControls=002fefff [ 511.634546] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 511.643795] VMEntry: intr_info=80000306 errcode=00000000 ilen=00000000 [ 511.652334] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 511.659197] reason=80000021 qualification=0000000000000000 [ 511.666010] IDTVectoring: info=00000000 errcode=00000000 [ 511.679437] TSC Offset = 0xfffffeebea21433c [ 511.697371] EPT pointer = 0x00000001c86d601e 05:58:34 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0xfffffdfd, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0x0, @reserved}, 0x10) 05:58:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:34 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x8000000200, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000340)=0x1) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./bus/file0\x00', r3, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x100000, 0x2) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x6}, &(0x7f00000003c0)=0x8) getsockopt$inet6_opts(r2, 0x29, 0x37, &(0x7f0000000480)=""/146, &(0x7f0000000540)=0x92) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000400)={r5, 0x15}, &(0x7f0000000440)=0x8) ioctl$KVM_S390_UCAS_MAP(r3, 0x4018ae50, &(0x7f0000000380)={0x9, 0x9, 0x80000005}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000140)=0x0) syz_open_procfs(r7, &(0x7f0000000180)='net/netstat\x00') setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:34 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc0305302, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:35 executing program 5: r0 = socket$kcm(0x2, 0x3, 0x84) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") sendmsg(r0, &(0x7f0000001b80)={&(0x7f00000001c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x80, &(0x7f0000001580), 0x0, &(0x7f0000001600)}, 0x0) close(r0) [ 512.190777] *** Guest State *** 05:58:35 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000300)='./bus/file0\x00', r2, &(0x7f0000000140)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0x2, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000480)={0x28, 0x2, 0x0, {0x6, 0x100, 0x4}}, 0x28) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000340)="c0ad2a1482b6bbc0c15db329fa92d93a31960e4bad0efcc13ae4b9e61bd138801dd103c83a896764a905e0ca7e39c431e9075d592af622849320e496321a1cdb91f6c0a480e4f41897e243d5e6657b1265f2", &(0x7f00000003c0)="fc79150aaf329d252bbfe6c293b39dde2c040320fa910829cdb2ea7b10876f13941684ebe6dc8a4a1e71f187129c6426bad650591d9b7cead5377865e17521225f302164ea92c641324a33cf02906a428c4a56c35cf9e3d09965b57186fb7a32f565711b651d91e29b26a5ee4e462178902edb5252d255d6", 0x1}, 0x20) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000240)=0x1800, 0x4) socket$xdp(0x2c, 0x3, 0x0) ioctl$VIDIOC_ENCODER_CMD(r1, 0xc028564d, &(0x7f0000000180)={0x0, 0x1, [0x4, 0xfff, 0x5, 0x5, 0x5, 0x9, 0x9, 0xfea]}) [ 512.222313] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 512.237957] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 512.247479] CR3 = 0x0000000000000000 [ 512.251831] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 512.274132] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 512.283699] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 512.318516] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 512.330219] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 512.338715] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 512.347238] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 512.355724] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:35 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x408040, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) 05:58:35 executing program 5: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000000)="220000002100070700be0000090007010a00001e00003c0000ff040405000c000000", 0x22) [ 512.364552] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 512.373084] GDTR: limit=0x00000000, base=0x0000000000000000 [ 512.386267] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 512.395979] IDTR: limit=0x00000000, base=0x0000000000000000 [ 512.404871] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:35 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000100), 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x2b) shutdown(r2, 0x1) r3 = accept4(r1, 0x0, &(0x7f0000000000)=0xfffffffffffffefa, 0x0) dup2(r1, r3) [ 512.413097] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 512.419795] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 512.427524] Interruptibility = 00000000 ActivityState = 00000000 [ 512.434230] *** Host State *** [ 512.438149] RIP = 0xffffffff8120427e RSP = 0xffff8801be627390 [ 512.444391] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 05:58:35 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000140)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 512.469090] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 512.480360] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 512.491407] CR0=0000000080050033 CR3=00000001bd15b000 CR4=00000000001426f0 [ 512.501329] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 512.510161] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 512.519285] *** Control State *** [ 512.523766] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 512.530951] EntryControls=0000d1ff ExitControls=002fefff [ 512.537071] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 512.544592] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 512.552749] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 512.559570] reason=80000021 qualification=0000000000000000 05:58:35 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)={0xffffffffffffffff}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./bus/file0\x00', r3, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) fcntl$notify(r1, 0x402, 0x80000013) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000140)={'ipvs\x00'}, &(0x7f0000000180)=0x1e) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 512.566563] IDTVectoring: info=00000000 errcode=00000000 [ 512.572701] TSC Offset = 0xfffffeeb67c29093 [ 512.577387] EPT pointer = 0x00000001c7def01e 05:58:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:35 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x100000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:35 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)={0xffffffffffffffff}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./bus/file0\x00', r3, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") preadv(r1, &(0x7f0000000600)=[{&(0x7f0000000300)=""/156, 0x9c}, {&(0x7f0000000140)=""/54, 0x36}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000440)=""/165, 0xa5}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000500)=""/18, 0x12}, {&(0x7f0000000540)=""/6, 0x6}], 0x7, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:35 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc0045878, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 513.087656] *** Guest State *** [ 513.094279] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 513.112505] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 513.123414] CR3 = 0x0000000000000000 05:58:36 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) rename(&(0x7f0000000400)='./bus/file0\x00', &(0x7f0000000440)='./bus\x00') renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0xffffffffffffffff, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000340)={0x16, 0x98, 0xfa00, {&(0x7f0000000140), 0x4, r4, 0x10, 0x1, @in6={0xa, 0x4e21, 0x8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x11}}}}}, 0xa0) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 513.132730] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 513.138886] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 513.145344] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 513.152447] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.168752] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.177583] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 513.187182] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.195694] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.212431] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.221353] GDTR: limit=0x00000000, base=0x0000000000000000 [ 513.229454] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:36 executing program 2: lsetxattr$trusted_overlay_upper(&(0x7f0000000140)='./bus\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f0000000300)={0x0, 0xfb, 0x75, 0x5, 0x7, "500c6a3226bb533bebda3d2e77ff1623", "808ec1be979e11178054b7ffdeb1029c19f7d75e43691141b1a8da19bdb8b374a11b537cedd3ee9fbcea2bb2aa2c20446a59d45685532c154b7121fab78bbe700f0353f5dc7b1f9cc2b55e77f465e323c6d3a09973400e6201a98a8bae2e2ce3"}, 0x75, 0x2) r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) lstat(&(0x7f0000000380)='./bus/file0\x00', &(0x7f00000003c0)) [ 513.237862] IDTR: limit=0x00000000, base=0x0000000000000000 [ 513.246573] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.255128] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 513.274330] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 05:58:36 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) write$FUSE_DIRENT(r2, &(0x7f0000000300)={0xc8, 0x0, 0x8, [{0x2, 0xffffffffffffffe1, 0x0, 0x3}, {0x4, 0x5, 0x1, 0x7fff, '\x00'}, {0x6, 0xfff, 0x3, 0x4, '4lo'}, {0x0, 0x1000, 0x1, 0x80, '!'}, {0x3, 0x9, 0x7, 0x3, 'selinux'}, {0x0, 0x3, 0x7, 0xffffffffffff8001, '$,-ppp1'}]}, 0xc8) r3 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r3, 0x15) syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x8, 0x80) [ 513.289991] Interruptibility = 00000000 ActivityState = 00000000 [ 513.309000] *** Host State *** [ 513.320265] RIP = 0xffffffff8120427e RSP = 0xffff880185cd7390 [ 513.337506] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 513.350842] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 513.358944] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 513.377019] CR0=0000000080050033 CR3=00000001bbec9000 CR4=00000000001426f0 05:58:36 executing program 5: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) dup3(r1, r0, 0x0) 05:58:36 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e21, @broadcast}}, 0x80, 0x1ff}, &(0x7f0000000140)=0x90) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r4, 0x3}, 0x8) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 513.388028] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 513.398086] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 513.404832] *** Control State *** [ 513.408408] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 513.427542] EntryControls=0000d1ff ExitControls=002fefff 05:58:36 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, @perf_config_ext, 0x4000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00008deff8), &(0x7f0000000100)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) [ 513.440085] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 513.450246] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 513.464556] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 513.473684] reason=80000021 qualification=0000000000000000 [ 513.481801] IDTVectoring: info=00000000 errcode=00000000 [ 513.491745] TSC Offset = 0xfffffeeaeb8f5426 [ 513.496553] EPT pointer = 0x00000001b93ac01e 05:58:36 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000180)=""/11, 0xff43) prctl$intptr(0x1d, 0xfffffffffffff743) prctl$void(0x1e) syz_execute_func(&(0x7f0000000200)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010196f04cd04cd0f2902") 05:58:36 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000140)) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 513.640188] *** Guest State *** [ 513.643699] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 513.669113] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 513.679622] CR3 = 0x0000000000000000 [ 513.690105] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 513.696466] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 513.702990] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 513.710191] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.719541] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.728156] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 513.736331] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.745127] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.753230] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.761329] GDTR: limit=0x00000000, base=0x0000000000000000 [ 513.769295] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.777318] IDTR: limit=0x00000000, base=0x0000000000000000 [ 513.785972] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 513.794004] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 513.800451] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 513.807910] Interruptibility = 00000000 ActivityState = 00000000 [ 513.814171] *** Host State *** [ 513.817371] RIP = 0xffffffff8120427e RSP = 0xffff880180e67390 [ 513.823379] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 513.829819] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 513.837681] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 513.843627] CR0=0000000080050033 CR3=00000001c55c6000 CR4=00000000001426f0 [ 513.850705] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 513.857491] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 513.863579] *** Control State *** [ 513.867027] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 513.873748] EntryControls=0000d1ff ExitControls=002fefff [ 513.879227] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 513.886191] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 513.892891] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 513.899486] reason=80000021 qualification=0000000000000000 [ 513.905868] IDTVectoring: info=00000000 errcode=00000000 [ 513.911890] TSC Offset = 0xfffffeeaa12117c9 [ 513.916219] EPT pointer = 0x00000001bd32501e 05:58:36 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x3f00000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:36 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x2, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fallocate(r5, 0x4, 0x9e, 0xfffffffffffffffc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp6_SCTP_MAXSEG(r6, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={0x0, 0x6}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000340)={r7, 0x100000000}, &(0x7f0000000380)=0xc) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:36 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x5451, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:36 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000340)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000140)={0x8, 0x9, 0x4}) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:37 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r2 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x2) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETOWNER(r2, 0x400454cc, r3) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)=0x0) r5 = gettid() timer_settime(r4, 0x0, &(0x7f0000000100)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r5, 0x15) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x2, 0x0) 05:58:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:37 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") inotify_init1(0x800) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 514.253254] *** Guest State *** [ 514.260163] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 514.269331] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 514.281157] CR3 = 0x0000000000000000 [ 514.289481] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 514.296664] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 514.310339] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 514.322838] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 514.331215] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.339386] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 514.349676] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 05:58:37 executing program 2: r0 = accept$inet(0xffffffffffffff9c, 0x0, &(0x7f0000000180)) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000380)='trusted.overlay.upper\x00', &(0x7f00000003c0)={0x0, 0xfb, 0x69, 0x6, 0x40, "c6cc2f206bf75553f8b89b8ff167a500", "abecfc6622e9e2a6095ab99dc1e0e620d35555fc120ce90c0bcf700aacc8585107bfc635b623f50732f5ef39c97838ea5d1aa6ea0294e671a5bdf902e632109a49e39fef08f34a41287591dd0a35ac1a00a27d36"}, 0x69, 0x1) r1 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer\x00', 0x200, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./bus/file0\x00', r3, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x6) r5 = add_key(&(0x7f0000000080)='user\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000440)="ec2d", 0x2, 0xfffffffffffffffd) keyctl$setperm(0x5, r5, 0x200800) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280)={0x0, 0x100}, &(0x7f0000000140)=0xfffffffffffffc81) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 514.358526] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.368265] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.397485] GDTR: limit=0x000007ff, base=0x0000000000001000 05:58:37 executing program 5: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) write$cgroup_subtree(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="3c5d768a3d2b63"], 0x13) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 514.415975] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 514.426124] IDTR: limit=0x0000ffff, base=0x0000000000000000 05:58:37 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r2, &(0x7f00000001c0)='./bus/file0\x00', r3, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r4 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r4, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r4, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000140)={0x0, 0x7, 0x1, [0x3ff]}, &(0x7f0000000300)=0xa) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000340)={r5, 0x800}, &(0x7f00000003c0)=0x8) r6 = creat(&(0x7f0000000580)='./bus\x00', 0x0) setsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f0000000180)=0x8, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 514.472362] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 514.486461] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 514.495732] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 514.509472] Interruptibility = 00000000 ActivityState = 00000000 [ 514.516086] *** Host State *** 05:58:37 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 514.524834] RIP = 0xffffffff8120427e RSP = 0xffff8801805a7390 [ 514.550145] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 514.566328] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 514.600176] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 514.622487] CR0=0000000080050033 CR3=00000001d1c63000 CR4=00000000001426e0 [ 514.645536] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 514.659672] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 514.666488] *** Control State *** [ 514.670058] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 514.676723] EntryControls=0000d1ff ExitControls=002fefff [ 514.682533] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 514.689460] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 514.696975] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 514.703596] reason=80000021 qualification=0000000000000000 [ 514.710046] IDTVectoring: info=00000000 errcode=00000000 [ 514.715510] TSC Offset = 0xfffffeea4cc77890 [ 514.719901] EPT pointer = 0x00000001d95b101e [ 514.770057] *** Guest State *** [ 514.773502] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 514.782521] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 514.791463] CR3 = 0x0000000000000000 [ 514.795170] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 514.801291] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 514.807261] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 514.813983] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 514.822579] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.830752] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 514.838856] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.846864] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.855157] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 514.863257] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 514.871268] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 514.879262] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 514.887383] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 514.895421] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 514.901930] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 514.909381] Interruptibility = 00000000 ActivityState = 00000000 [ 514.915666] *** Host State *** [ 514.918883] RIP = 0xffffffff8120427e RSP = 0xffff8801be757390 [ 514.924896] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 514.931363] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 514.939155] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 514.945103] CR0=0000000080050033 CR3=00000001d1c63000 CR4=00000000001426f0 [ 514.952817] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 514.959501] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 514.965681] *** Control State *** 05:58:37 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xe00000000000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:37 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) [ 514.969152] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 514.975947] EntryControls=0000d1ff ExitControls=002fefff [ 514.981651] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 514.988604] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 514.995532] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 515.007407] reason=80000021 qualification=0000000000000000 [ 515.014278] IDTVectoring: info=00000000 errcode=00000000 [ 515.020208] TSC Offset = 0xfffffeea4cc77890 [ 515.025054] EPT pointer = 0x00000001d95b101e 05:58:40 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x40bc5311, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:40 executing program 5: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x202, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000140)=0xe8) lstat(&(0x7f0000000180)='./bus\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000480)={0xa0, 0xffffffffffffffda, 0x7, {{0x0, 0x2, 0x4, 0x1, 0x9, 0x5, {0x3, 0x125, 0x10000, 0x5, 0x200, 0x7, 0x0, 0x3, 0x2, 0x17, 0xd0, r4, r5, 0x6, 0x401}}, {0x0, 0x1}}}, 0xa0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x1000000000000, &(0x7f0000000080)}}, 0x20) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:40 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000300)="9d6d6e18ac19392ff496fbb2ccbcae4a4408b835cecd94914d0e6a21160b875ccdc279e726ffdd30aa697c7da5d3", 0x2e, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e22, @multicast1}}, [0x3, 0x400, 0xfffffffffffffffd, 0x95e, 0x5a28, 0x27, 0x780, 0xd11, 0x6947, 0xffffffff, 0x0, 0xff, 0x46cb5e66, 0x117, 0x80000000]}, &(0x7f0000000200)=0x100) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000240)={r3, 0x8}, &(0x7f0000000280)=0x8) 05:58:40 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) ioctl$RTC_WIE_OFF(r2, 0x7010) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x20000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) 05:58:40 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x1f00000000000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:40 executing program 5 (fault-call:11 fault-nth:0): socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:40 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x0, 0x0) renameat2(r1, &(0x7f00000001c0)='./bus/file0\x00', r2, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d015f8f762070") ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) shutdown(r1, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000580)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) recvfrom$inet6(r1, &(0x7f0000000140)=""/60, 0x3c, 0x40000020, 0x0, 0x0) [ 517.343314] FAULT_INJECTION: forcing a failure. [ 517.343314] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 517.354936] *** Guest State *** [ 517.356647] CPU: 0 PID: 18351 Comm: syz-executor5 Not tainted 4.19.0+ #318 [ 517.365877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.369874] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 517.375228] Call Trace: [ 517.375254] dump_stack+0x244/0x39d [ 517.375276] ? dump_stack_print_info.cold.1+0x20/0x20 [ 517.375303] should_fail.cold.4+0xa/0x17 [ 517.395400] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 517.396072] ? print_usage_bug+0xc0/0xc0 [ 517.400683] CR3 = 0x0000000000000000 [ 517.408948] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 517.408967] ? zap_class+0x640/0x640 [ 517.408984] ? zap_class+0x640/0x640 [ 517.408997] ? __lock_is_held+0xb5/0x140 [ 517.409023] ? __lock_is_held+0xb5/0x140 [ 517.413484] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 517.416760] ? lock_release+0xa00/0xa00 [ 517.416777] ? perf_trace_sched_process_exec+0x860/0x860 [ 517.416796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.416814] ? __might_sleep+0x95/0x190 [ 517.422446] RFLAGS=0x00010046 DR7 = 0x0000000000000400 [ 517.425741] __alloc_pages_nodemask+0x34b/0xde0 [ 517.425763] ? __alloc_pages_slowpath+0x2e10/0x2e10 [ 517.429601] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 517.433598] ? retint_kernel+0x2d/0x2d [ 517.433623] ? mpol_shared_policy_lookup+0x1a/0x150 [ 517.433638] ? mpol_shared_policy_lookup+0x39/0x150 [ 517.433656] ? mpol_shared_policy_lookup+0xf7/0x150 [ 517.433681] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 517.433700] alloc_pages_vma+0x11e/0x4a0 [ 517.433719] shmem_alloc_page+0xa5/0x190 [ 517.433736] ? shmem_swapin+0x230/0x230 [ 517.452365] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.453134] ? kasan_check_read+0x11/0x20 [ 517.453167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.465340] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.467934] ? percpu_counter_add_batch+0x141/0x190 [ 517.467960] shmem_alloc_and_acct_page+0x248/0xdb0 [ 517.467983] ? shmem_getattr+0x2c0/0x2c0 [ 517.467999] ? alloc_set_pte+0x1447/0x1f40 [ 517.468021] ? kasan_check_read+0x11/0x20 [ 517.473296] SS: sel=0x0000, attr=0x04081, limit=0x00000000, base=0x0000000000000000 [ 517.477772] ? do_raw_spin_lock+0x14f/0x350 [ 517.477790] ? rwlock_bug.part.2+0x90/0x90 [ 517.477822] ? zap_class+0x640/0x640 [ 517.477850] shmem_getpage_gfp+0x71d/0x4840 [ 517.477885] ? shmem_add_to_page_cache+0x1950/0x1950 [ 517.485115] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.488448] ? unlock_page+0x2c2/0x4c0 [ 517.488466] ? wake_up_page_bit+0x6f0/0x6f0 [ 517.493938] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.498470] ? do_raw_spin_unlock+0xa7/0x330 [ 517.498486] ? do_raw_spin_trylock+0x270/0x270 [ 517.498504] ? lock_unpin_lock+0x4a0/0x4a0 [ 517.498519] ? find_held_lock+0x36/0x1c0 05:58:40 executing program 2: mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xc) r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x3a) 05:58:40 executing program 5 (fault-call:11 fault-nth:1): socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 517.498541] ? _raw_spin_unlock+0x2c/0x50 [ 517.498561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.504079] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.509156] ? __handle_mm_fault+0xa57/0x5be0 [ 517.509200] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 517.509228] ? mark_held_locks+0x130/0x130 [ 517.509260] ? sched_clock+0x31/0x50 [ 517.509278] ? zap_class+0x640/0x640 [ 517.513720] GDTR: limit=0x00000000, base=0x0000000000000000 [ 517.517363] ? zap_class+0x640/0x640 [ 517.517377] ? zap_class+0x640/0x640 [ 517.517410] ? find_held_lock+0x36/0x1c0 [ 517.517489] ? __do_page_fault+0x620/0xe60 [ 517.517505] ? lock_downgrade+0x900/0x900 [ 517.521999] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.529422] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 517.529437] ? kasan_check_read+0x11/0x20 [ 517.529450] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 517.529463] ? rcu_softirq_qs+0x20/0x20 [ 517.529478] ? trace_hardirqs_off_caller+0x310/0x310 05:58:40 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dsp\x00', 0x204200, 0x0) write$P9_RFSYNC(r0, &(0x7f0000000380)={0x7, 0x33, 0x1}, 0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0x0, &(0x7f0000000000)=@raw, &(0x7f0000000040)='GPL\x00', 0x4, 0xee, &(0x7f0000000080)=""/238, 0x40f00, 0x1, [], 0x0, 0x277709b74f23143a}, 0x48) setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0) r2 = open(&(0x7f00000002c0)='./file0\x00', 0x800, 0x102) setsockopt$inet6_buf(r2, 0x29, 0x2c, &(0x7f0000000300)="f394ef0d193a62a6fdea1d81bbae1748dec0ee6579c85a28c6", 0x19) fcntl$addseals(r1, 0x409, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={&(0x7f0000000400), 0xc, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="fc000000190001070000000000000000ff0100000000000000000000000000ffab1414bb00020000000000000002000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000440005000000000000000000000000000000000000000000ff0000000a000000fe8000000000000000000000000000aa0000000003000000000000000000000000000000"], 0xfc}}, 0x0) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280)="36a0c6e14040bb985c277e68c1a9d6b9d2b9a8ad25f1ba6e54a777cbc33ab3a543b1b99dc3f669954a", 0x29, 0xfffffffffffffffc) syz_emit_ethernet(0x3ff, &(0x7f0000000200)={@local, @random="cf2bb43c40b8", [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6c, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) [ 517.529495] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 517.534104] IDTR: limit=0x00000000, base=0x0000000000000000 [ 517.539137] ? check_preemption_disabled+0x48/0x280 [ 517.539161] ? kasan_check_write+0x14/0x20 [ 517.539177] ? print_usage_bug+0xc0/0xc0 [ 517.539192] ? up_read_non_owner+0x100/0x100 [ 517.539213] ? find_vma+0x34/0x190 [ 517.547630] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 517.552244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.552260] ? __do_page_fault+0x491/0xe60 [ 517.552284] ? mark_held_locks+0xc7/0x130 [ 517.552314] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.552330] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 517.552342] ? retint_kernel+0x2d/0x2d [ 517.552377] ? trace_hardirqs_on_caller+0xc0/0x310 [ 517.557697] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 517.561347] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.561360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.561376] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 517.561452] ? __inode_attach_wb+0x13f0/0x13f0 [ 517.561488] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.566287] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 517.569848] ? __do_page_fault+0x491/0xe60 [ 517.569863] ? retint_kernel+0x2d/0x2d [ 517.569927] ? iov_iter_fault_in_readable+0x356/0x450 [ 517.569945] ? iov_iter_fault_in_readable+0x363/0x450 [ 517.569960] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 517.569979] ? iov_iter_fault_in_readable+0x22a/0x450 [ 517.578304] Interruptibility = 00000000 ActivityState = 00000000 [ 517.582233] ? _copy_from_iter_flushcache+0xfc0/0xfc0 [ 517.582248] ? __sanitizer_cov_trace_pc+0x10/0x50 [ 517.582310] ? ktime_get_coarse_real_ts64+0x22e/0x370 [ 517.582329] shmem_write_begin+0x10a/0x1e0 [ 517.582350] generic_perform_write+0x3aa/0x6a0 [ 517.586992] *** Host State *** [ 517.590271] ? add_page_wait_queue+0x400/0x400 [ 517.590285] ? file_update_time+0xe4/0x640 [ 517.590301] ? current_time+0x1b0/0x1b0 [ 517.590320] ? generic_write_check_limits+0x7e/0x370 [ 517.590335] ? generic_write_check_limits+0xe4/0x370 [ 517.590349] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 517.590362] ? generic_write_check_limits+0x28d/0x370 [ 517.590380] __generic_file_write_iter+0x26e/0x630 [ 517.590407] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.590426] generic_file_write_iter+0x34d/0x6b0 [ 517.590443] ? __generic_file_write_iter+0x630/0x630 [ 517.590456] ? __vfs_write+0x277/0x9f0 [ 517.590472] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 517.596856] RIP = 0xffffffff8120427e RSP = 0xffff880184e07390 [ 517.599865] ? iov_iter_init+0xe5/0x210 [ 517.599885] __vfs_write+0x6b8/0x9f0 [ 517.599905] ? kernel_read+0x120/0x120 [ 517.599925] ? __lock_is_held+0xb5/0x140 [ 517.599953] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.599967] ? __sb_start_write+0x1b2/0x370 [ 517.599985] vfs_write+0x1fc/0x560 [ 517.608407] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 517.611826] ksys_write+0x101/0x260 [ 517.611845] ? __ia32_sys_read+0xb0/0xb0 [ 517.611864] ? trace_hardirqs_off_caller+0x310/0x310 [ 517.611885] __x64_sys_write+0x73/0xb0 [ 517.611921] do_syscall_64+0x1b9/0x820 [ 517.611938] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 517.611966] ? syscall_return_slowpath+0x5e0/0x5e0 [ 517.612000] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.616810] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 517.624251] ? trace_hardirqs_on_caller+0x310/0x310 [ 517.624270] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 517.624286] ? prepare_exit_to_usermode+0x291/0x3b0 [ 517.624307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.624331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 517.624342] RIP: 0033:0x457569 [ 517.624358] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 517.624369] RSP: 002b:00007f4fac927c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 517.629270] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 517.633324] RAX: ffffffffffffffda RBX: 00007f4fac927c90 RCX: 0000000000457569 [ 517.633333] RDX: 000000000000fcf3 RSI: 0000000020000100 RDI: 0000000000000006 [ 517.633341] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 517.633350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fac9286d4 [ 517.633358] R13: 00000000004cb758 R14: 00000000004d9070 R15: 0000000000000008 [ 517.690389] CR0=0000000080050033 CR3=00000001be5bf000 CR4=00000000001426e0 [ 517.726508] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 517.748893] FAULT_INJECTION: forcing a failure. [ 517.748893] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 517.755177] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 517.777096] *** Control State *** [ 517.789166] CPU: 0 PID: 18368 Comm: syz-executor5 Not tainted 4.19.0+ #318 [ 517.803676] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 517.807715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.807722] Call Trace: [ 517.807747] dump_stack+0x244/0x39d [ 517.807770] ? dump_stack_print_info.cold.1+0x20/0x20 [ 517.807797] should_fail.cold.4+0xa/0x17 [ 517.811893] EntryControls=0000d1ff ExitControls=002fefff [ 517.816572] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 517.816592] ? zap_class+0x640/0x640 [ 517.816609] ? zap_class+0x640/0x640 [ 517.816624] ? __lock_is_held+0xb5/0x140 [ 517.823149] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 517.827846] ? __lock_is_held+0xb5/0x140 [ 517.827919] ? ata_bus_probe+0x150/0x1050 [ 517.827944] ? lock_release+0xa00/0xa00 [ 517.832907] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 517.838128] ? perf_trace_sched_process_exec+0x860/0x860 [ 517.838148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 517.838182] ? __might_sleep+0x95/0x190 [ 517.838203] __alloc_pages_nodemask+0x34b/0xde0 [ 517.842928] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 517.847511] ? __alloc_pages_slowpath+0x2e10/0x2e10 [ 517.847534] ? retint_kernel+0x2d/0x2d [ 517.847560] ? kasan_check_read+0x1/0x20 [ 517.847579] ? mpol_shared_policy_lookup+0xf7/0x150 [ 517.855239] reason=80000021 qualification=0000000000000000 [ 517.859231] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 517.859252] alloc_pages_vma+0x11e/0x4a0 [ 517.859288] shmem_alloc_page+0xa5/0x190 [ 517.859304] ? shmem_swapin+0x230/0x230 [ 517.868381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 517.868401] ? percpu_counter_add_batch+0x141/0x190 [ 517.873797] IDTVectoring: info=00000000 errcode=00000000 [ 517.879111] shmem_alloc_and_acct_page+0x248/0xdb0 [ 517.879135] ? shmem_getattr+0x2c0/0x2c0 [ 517.879150] ? alloc_set_pte+0x1447/0x1f40 [ 517.879172] ? kasan_check_read+0x11/0x20 [ 517.894517] TSC Offset = 0xfffffee8a406f64e [ 517.895799] ? do_raw_spin_lock+0x14f/0x350 [ 517.895817] ? rwlock_bug.part.2+0x90/0x90 [ 517.895847] ? zap_class+0x640/0x640 [ 517.895872] shmem_getpage_gfp+0x71d/0x4840 [ 517.910591] EPT pointer = 0x00000001c2d5101e [ 517.914832] ? shmem_add_to_page_cache+0x1950/0x1950 [ 517.914849] ? unlock_page+0x2c2/0x4c0 [ 517.914863] ? wake_up_page_bit+0x6f0/0x6f0 [ 517.914896] ? do_raw_spin_unlock+0xa7/0x330 [ 517.926982] ? do_raw_spin_trylock+0x270/0x270 [ 517.936053] ? _raw_spin_unlock_irq+0x60/0x80 [ 517.936074] ? _raw_spin_unlock+0x2c/0x50 [ 517.936095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 518.444871] ? __handle_mm_fault+0xa57/0x5be0 [ 518.449364] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 518.454197] ? __schedule+0x8d7/0x21d0 [ 518.458071] ? trace_hardirqs_on_caller+0xc0/0x310 [ 518.462995] ? zap_class+0x640/0x640 [ 518.466701] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 518.471268] ? retint_kernel+0x2d/0x2d [ 518.475146] ? find_held_lock+0x36/0x1c0 [ 518.479201] ? __do_page_fault+0x620/0xe60 [ 518.483433] ? lock_downgrade+0x900/0x900 [ 518.487571] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 518.492486] ? kasan_check_read+0x11/0x20 [ 518.496621] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 518.501882] ? rcu_softirq_qs+0x20/0x20 [ 518.505853] ? kasan_check_write+0x14/0x20 [ 518.510076] ? print_usage_bug+0xc0/0xc0 [ 518.514121] ? up_read_non_owner+0x100/0x100 [ 518.518525] ? find_vma+0x34/0x190 [ 518.522072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 518.527599] ? __do_page_fault+0x491/0xe60 [ 518.531828] ? mark_held_locks+0xc7/0x130 [ 518.535966] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 518.540709] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 518.545276] ? retint_kernel+0x2d/0x2d [ 518.549181] ? trace_hardirqs_on_caller+0xc0/0x310 [ 518.554115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 518.558941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 518.563685] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 518.569131] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 518.573889] ? retint_kernel+0x2d/0x2d [ 518.577791] ? iov_iter_fault_in_readable+0x356/0x450 [ 518.582974] ? iov_iter_fault_in_readable+0x363/0x450 [ 518.588149] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 518.593676] ? iov_iter_fault_in_readable+0x22a/0x450 [ 518.598857] ? _copy_from_iter_flushcache+0xfc0/0xfc0 [ 518.604040] shmem_write_begin+0x10a/0x1e0 [ 518.608269] generic_perform_write+0x3aa/0x6a0 [ 518.612858] ? add_page_wait_queue+0x400/0x400 [ 518.617434] ? current_time+0x1b0/0x1b0 [ 518.621407] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 518.626415] ? generic_write_check_limits+0x28d/0x370 [ 518.631595] __generic_file_write_iter+0x26e/0x630 [ 518.636514] generic_file_write_iter+0x34d/0x6b0 [ 518.641265] ? __generic_file_write_iter+0x630/0x630 [ 518.646368] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 518.651895] ? iov_iter_init+0xe5/0x210 [ 518.655859] __vfs_write+0x6b8/0x9f0 [ 518.659566] ? kernel_read+0x120/0x120 [ 518.663532] ? __lock_is_held+0xb5/0x140 [ 518.667589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 518.673115] ? __sb_start_write+0x1b2/0x370 [ 518.677429] vfs_write+0x1fc/0x560 [ 518.680963] ksys_write+0x101/0x260 [ 518.684582] ? __ia32_sys_read+0xb0/0xb0 [ 518.688630] ? trace_hardirqs_off_caller+0x310/0x310 [ 518.693724] __x64_sys_write+0x73/0xb0 [ 518.697603] do_syscall_64+0x1b9/0x820 [ 518.701480] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 518.706831] ? syscall_return_slowpath+0x5e0/0x5e0 [ 518.711745] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 518.716580] ? trace_hardirqs_on_caller+0x310/0x310 [ 518.721585] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 518.726589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 518.732114] ? prepare_exit_to_usermode+0x291/0x3b0 [ 518.737125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 518.742064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 518.747326] RIP: 0033:0x457569 [ 518.750508] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 518.769394] RSP: 002b:00007f4fac927c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 518.777087] RAX: ffffffffffffffda RBX: 00007f4fac927c90 RCX: 0000000000457569 [ 518.784340] RDX: 000000000000fcf3 RSI: 0000000020000100 RDI: 0000000000000006 [ 518.791594] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 05:58:41 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x40505330, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 518.798850] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fac9286d4 [ 518.806120] R13: 00000000004cb758 R14: 00000000004d9070 R15: 0000000000000008 05:58:41 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:41 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x7fffffff, 0x201) ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f0000000140)={0x4, 0x61, &(0x7f0000000080)="a2f0d5a287bcb184bb5488fde5011f7dd66b1f780b5fdca78921f232c80c3f3e90e5756eb8a46c68b795c3768d1dcc94b1c51492e0aa0c04eb428bd29a9d12dc2f8a00f18dfc35cb", {0x0, 0x1ff, 0x32314247, 0x4, 0x4, 0x240, 0x3, 0xfff}}) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000000)={0x1, 0x0, @start={0x0, 0x1}}) 05:58:41 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) getsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000300)=""/4096, &(0x7f00000000c0)=0x1000) tkill(r2, 0x15) 05:58:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:41 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x4000000000000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:41 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x40000, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2800, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000005c0)=ANY=[@ANYBLOB="0024ade3c92400000054db61d3160d106c8e7f09000000f1e80ebb738c0000000018a6d86f3cc3dec8d643827ee05e2924dfa5dc418d97001c2d2e3bcceab70b3b0001662846e491b09375f40414be16a0a007634eb8e37080163d69160d79b7b33cb1dc492f17d7f588ddba078dd9d54eec4711e3b2a32f63621a0a2d4b908da7660a4f6598b93e08f20e0d52f4e614cc13767ddf438d3571adbc697bf9b83c9e4e2bef1b2694f3d772b92a903251edf96f8b88a8891bebad602288dcfb97008310bd2b4ff8060effb273161b4a56c509d02cdf691bea18ca8bd28c2ecce8a20becca6d78e9e53b89355055be73004bb1b36a30c3c1f282080000008e1962faaa379e65a017a3608f4a80d2f8ba62b3fdd5214c2e63ffeea235fec275f7d02094093b72b45cf7c370eee60307e760b30d7d8b8722499bd524d14a59852945ad2e3e4cf687383095b081192631409990c8a849b7ade54f2d9d8a2a9df2e1b41bccdf8e2712f54b79712afd9d9c5c"], &(0x7f00000002c0)=0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000380)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000300)={@loopback, 0x2c, r4}) setsockopt$inet6_int(r3, 0x29, 0xfb, &(0x7f00000001c0)=0x8, 0x4) socket$l2tp(0x18, 0x1, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x3ac, 0x3ef, 0x5, 0x30c, 0x0, 0x8, 0xe003, 0x394, 0x0, 0x0, 0x2, 0x0, 0x14]}, 0x75, r5}) socket$l2tp(0x18, 0x1, 0x1) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000100)={@local, @empty, @loopback, 0x3, 0x0, 0x1f, 0x500, 0x100000000, 0x1c0270, r4}) ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000180)) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ppp\x00', 0x509000, 0x0) ioctl$SCSI_IOCTL_GET_IDLUN(r6, 0x5382, &(0x7f0000000480)) ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f00000004c0)={0x3, @raw_data="bf0165646f40d1911001c2e85c90c77574e282fcaed8b0d4b69cf074e06e241d61c32a58e22b68a3907b4826753d3e765245bf0c654816fe90f1a9304c648f6c4ba7c1667745ce60f912dfa06a2d2c21e46373a7178c54df11180952eb555c53212d0c6d65a3372bd7f2a0441efeafc2ffb81c732f260a9b5159a373bd4377b09efe7ec7958f6c352bcd6a07ce4300f095ca5d0502a8aeab8786abd262de9334e9cc45cf862d56ac5e22f00a07ae7ca30a704ce6553ee67cc7bc352d6af7e7902946539d10eb7a1e"}) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KDENABIO(r6, 0x4b36) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffa000/0x3000)=nil) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x1) sendto$inet6(r7, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000080)={0x3, r2}) write(r0, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) 05:58:41 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c0000ffffffe0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.006565] *** Guest State *** [ 519.010366] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 519.020920] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 519.030933] CR3 = 0x0000000000000000 [ 519.034907] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 519.052862] RFLAGS=0x00010046 DR7 = 0x0000000000000400 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000002000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.130560] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 519.152308] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.178470] QAT: Invalid ioctl [ 519.184827] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.193895] SS: sel=0x0000, attr=0x04081, limit=0x00000000, base=0x0000000000000000 [ 519.202413] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.211258] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.219498] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.227996] GDTR: limit=0x00000000, base=0x0000000000000000 [ 519.247997] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 519.256356] QAT: Invalid ioctl [ 519.261874] IDTR: limit=0x00000000, base=0x0000000000000000 [ 519.270378] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000100000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.280856] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 519.287655] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 519.297274] Interruptibility = 00000000 ActivityState = 00000000 [ 519.313449] *** Host State *** [ 519.321439] RIP = 0xffffffff8120427e RSP = 0xffff8801c8617390 05:58:42 executing program 2: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) ioctl$VIDIOC_ENUMAUDOUT(r0, 0xc0345642, &(0x7f0000000000)={0x9, "ff45d75d61bb0a448e3e8d8a376a88d40820904993774cf1a4f6ce01a2ff9705", 0x2, 0x1}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x7, 0x4) r1 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000080)={'team_slave_1\x00', {0x2, 0x4e20, @loopback}}) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x50323234}}) [ 519.332790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 519.350963] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 519.365350] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 519.372075] CR0=0000000080050033 CR3=00000001c6ca9000 CR4=00000000001426f0 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c00000000e0ff, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.379651] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 519.388272] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 519.410050] *** Control State *** [ 519.413523] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 519.451370] EntryControls=0000d1ff ExitControls=002fefff [ 519.457306] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 519.464673] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 519.473001] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 519.479995] reason=80000021 qualification=0000000000000000 [ 519.486691] IDTVectoring: info=00000000 errcode=00000000 [ 519.492843] TSC Offset = 0xfffffee7c0647b3f [ 519.497558] EPT pointer = 0x00000001bdd5201e 05:58:42 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc0a85320, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x805, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000080)="ff02040000eeff0000000000000000000000000000020205", 0x18) sendto$inet6(r0, &(0x7f00000000c0)='E', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [0x8dffffff]}, 0x9}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000015c0)='ip6_vti0\x00', 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f00000005c0)=0xe8) bind$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x10, r1, 0x1, 0x2, 0x6, @dev}, 0x14) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x8001, 0x20041) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000140)={0x2, &(0x7f0000000100)=[{0x8}, {}]}) r3 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000bbd000/0x1000)=nil, 0x1000, 0x0) sendfile(0xffffffffffffffff, r3, &(0x7f0000b58000), 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000200), 0x4) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x10, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000240)) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000880)={&(0x7f0000000080)=ANY=[]}}, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r5, &(0x7f0000000700), 0x1000000000000110) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000002c0)={0x6, &(0x7f0000000280)=[{0x81, 0x9, 0x1c8c4d18, 0x10001}, {0x2, 0xffff, 0x6, 0x9}, {0xe1e, 0x8000, 0x7, 0x6}, {0x9, 0x8, 0x5, 0x402}, {0x10001, 0x6, 0x0, 0x80}, {0x3, 0x2, 0x7, 0x2}]}, 0x10) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x1}, 0x10) 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000600, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:42 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x5, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f0000000100)) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci\x00', 0x80002, 0x0) r3 = getpid() ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000140)=r3) r4 = gettid() fcntl$lock(r1, 0x27, &(0x7f0000000180)={0x0, 0x0, 0x5, 0x7fff, r3}) tkill(r4, 0x15) 05:58:42 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x1000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c0000fffffffe, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.920778] *** Guest State *** [ 519.952457] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 519.961654] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 519.971306] CR3 = 0x0000000000000000 [ 519.976811] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 519.983195] RFLAGS=0x00010046 DR7 = 0x0000000000000400 [ 519.989487] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 05:58:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000040000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 519.996555] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.005686] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.013972] SS: sel=0x0000, attr=0x04081, limit=0x00000000, base=0x0000000000000000 [ 520.022758] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:42 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f00000003c0), 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xe) socket$inet6(0xa, 0x0, 0x0) ioprio_set$pid(0x0, 0x0, 0x8000) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000200)={@mcast2, 0x0, 0x3, 0xff, 0x0, 0x4, 0x400, 0x4}, &(0x7f0000000240)=0x20) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4}) [ 520.047322] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.061429] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.073699] GDTR: limit=0x00000000, base=0x0000000000000000 [ 520.083826] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.092522] IDTR: limit=0x00000000, base=0x0000000000000000 [ 520.108143] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.127543] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 520.135700] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 520.143562] Interruptibility = 00000000 ActivityState = 00000000 [ 520.150341] *** Host State *** 05:58:43 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000008000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:43 executing program 2: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0x0, 0x0, r0, 0x0) perf_event_open(&(0x7f0000940000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, r0, 0x0) dup2(r1, r0) [ 520.154071] RIP = 0xffffffff8120427e RSP = 0xffff8801840f7390 [ 520.171113] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 520.192259] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 520.215947] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 520.230234] CR0=0000000080050033 CR3=00000001c65a2000 CR4=00000000001426f0 [ 520.238050] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 520.245278] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 520.252221] *** Control State *** [ 520.256548] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:58:43 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000020000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 520.265836] EntryControls=0000d1ff ExitControls=002fefff [ 520.273076] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 520.280213] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 520.287033] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 520.299981] reason=80000021 qualification=0000000000000000 [ 520.307795] IDTVectoring: info=00000000 errcode=00000000 [ 520.316984] TSC Offset = 0xfffffee742d23eef [ 520.321695] EPT pointer = 0x00000001c1b7101e 05:58:43 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x5452, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:43 executing program 2: mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) r0 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x8001, 0x84001) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000180)) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x1000, 0x7fff) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB="5b84766e1da88c4d6bcd461415f8bb21d76da561a92bb6dca77e0064855dfbe28c0489742ea127eec997113fe97b4337a68e7fb36d8f236232390974f316f1be79cc6bcf95a0a92439824cb1fd57cc92c74363a1c95379c3f17afdc7060b642fed03f18e533f409c074476b6a3db5905198adf4be12167301e4bd9f227515613f2f86cef7095be9c50898b22f8995eaa73d49a141074de94535024e611420c35d5b63c1b4c8bada7714195c092374b42cf39b73c2998380dab81608b0b71ac85a24d000000000000000000000000"], &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, &(0x7f0000000240)="f461895dd1ba64ef15b7ba189fb19052549ec864c16367580a53af83df9a941d447fa349cf48b70445a96908c388b16cb138df7b4af9a193f2f98167a7c9e93ee6ba61e8a2225d22fe1828246f268b03604c12c5a939bb46d55d3f13306355efb72265ffbbc07ad9dafb4ac49c23825a5cfe4e77cebbc5839b782b5249e4") semget(0x2, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=0x0) sched_getscheduler(r1) 05:58:43 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000200000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 520.787386] ceph: device name is missing path (no : separator in [„vn¨ŒMkÍFø»!×m¥a©+¶Ü§~) [ 520.809383] ceph: device name is missing path (no : separator in [„vn¨ŒMkÍFø»!×m¥a©+¶Ü§~) [ 520.823576] *** Guest State *** [ 520.827204] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 520.846718] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 520.914125] CR3 = 0x0000000000000000 [ 520.925177] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 520.943904] RFLAGS=0x00010046 DR7 = 0x0000000000000400 [ 520.958194] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 520.968570] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.976938] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.985435] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 520.993893] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 521.002153] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 521.010630] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 521.018821] GDTR: limit=0x00000000, base=0x0000000000000000 [ 521.027828] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 521.036135] IDTR: limit=0x00000000, base=0x0000000000000000 [ 521.050136] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 521.067517] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 521.080990] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 521.096795] Interruptibility = 00000000 ActivityState = 00000000 [ 521.111244] *** Host State *** [ 521.118210] RIP = 0xffffffff8120427e RSP = 0xffff8801be63f390 [ 521.129971] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 521.136411] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 521.169942] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 521.175855] CR0=0000000080050033 CR3=00000001cdb86000 CR4=00000000001426f0 [ 521.209880] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 521.216760] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 521.239863] *** Control State *** [ 521.243421] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 521.259884] EntryControls=0000d1ff ExitControls=002fefff [ 521.265451] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 521.289869] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 521.296555] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 521.310118] reason=80000021 qualification=0000000000000000 [ 521.324548] IDTVectoring: info=00000000 errcode=00000000 [ 521.335963] TSC Offset = 0xfffffee6c71e4c68 [ 521.346203] EPT pointer = 0x00000001cc68201e 05:58:54 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x11c5) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) 05:58:54 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@remote, 0x200, 0x2, 0x3, 0x4, 0x2}, 0x20) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000080)={0x0, 0x5, 0x9, 0x9, [], [], [], 0x53f, 0x3, 0x3, 0x0, "2fc82f72e4d66a026e5b371fda7a1852"}) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000040)=0x800) 05:58:54 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x4000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:54 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x10000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:54 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:54 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x40049409, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:54 executing program 2: ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000010000000000000000000bc80128000000000000000000000000000000000000070000000000000000000000000000000000"]) r0 = getpid() getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000400)={0x0, 0x81}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000004c0)={r1, 0x8}, 0x8) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) sched_setaffinity(0x0, 0xffffffffffffffd9, &(0x7f0000000280)) r3 = socket$xdp(0x2c, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000580)) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380)={@dev}, &(0x7f0000000540)=0x14) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xfffffffffffffffe}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x2007fff) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000000)=r0) write$P9_RXATTRCREATE(r7, &(0x7f0000000140)={0x7, 0x21, 0x1}, 0x7) write$P9_RSETATTR(r7, &(0x7f0000000040)={0x7}, 0x7) sendfile(r4, r7, &(0x7f0000d83ff8), 0x800000000024) creat(&(0x7f0000000200)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x50, &(0x7f00000000c0)}, 0x10) [ 531.335306] *** Guest State *** [ 531.338824] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 531.350299] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 531.361100] CR3 = 0x0000000000000000 [ 531.364992] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 531.371589] RFLAGS=0x00010046 DR7 = 0x0000000000000400 05:58:54 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000008800000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 531.383507] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 531.390716] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.410900] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:54 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x4, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) write$FUSE_ENTRY(r1, &(0x7f0000000200)={0x90, 0x0, 0x100, {0x4, 0x2, 0xc092, 0x0, 0x3, 0x178d, {0x2, 0x100000000, 0x80000000, 0x100, 0x6, 0x6, 0x4, 0xffffffffffffffff, 0xfffffffffffff9a7, 0x7d1, 0x10000, r2, r3, 0x9, 0x1}}}, 0x90) syz_open_dev$adsp(&(0x7f0000000400)='/dev/adsp#\x00', 0x0, 0x101000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r4, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r5 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r5, 0x15) [ 531.440212] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.459404] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.469767] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.478588] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.492231] GDTR: limit=0x00000000, base=0x0000000000000000 [ 531.525483] device bridge0 left promiscuous mode [ 531.530984] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.541107] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 531.556063] IDTR: limit=0x00000000, base=0x0000000000000000 [ 531.568308] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 531.583272] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:54 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c00003f000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 531.583283] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 531.583295] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 531.583304] Interruptibility = 00000000 ActivityState = 00000000 [ 531.583309] *** Host State *** [ 531.583321] RIP = 0xffffffff8120427e RSP = 0xffff8801b5027390 [ 531.583343] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 531.583355] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 531.583366] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 531.583381] CR0=0000000080050033 CR3=00000001cf2d5000 CR4=00000000001426e0 [ 531.583395] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 531.583407] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 531.583429] *** Control State *** [ 531.583439] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 531.583448] EntryControls=0000d1ff ExitControls=002fefff [ 531.583462] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 531.583471] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 05:58:54 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c0000000000e0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:54 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 531.583481] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 531.583489] reason=80000021 qualification=0000000000000000 [ 531.583498] IDTVectoring: info=00000000 errcode=00000000 [ 531.583505] TSC Offset = 0xfffffee127e0904f [ 531.583514] EPT pointer = 0x00000001c4f5c01e 05:58:54 executing program 2: ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000010000000000000000000bc80128000000000000000000000000000000000000070000000000000000000000000000000000"]) r0 = getpid() getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000400)={0x0, 0x81}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000004c0)={r1, 0x8}, 0x8) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) sched_setaffinity(0x0, 0xffffffffffffffd9, &(0x7f0000000280)) r3 = socket$xdp(0x2c, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000580)) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380)={@dev}, &(0x7f0000000540)=0x14) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xfffffffffffffffe}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x2007fff) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000000)=r0) write$P9_RXATTRCREATE(r7, &(0x7f0000000140)={0x7, 0x21, 0x1}, 0x7) write$P9_RSETATTR(r7, &(0x7f0000000040)={0x7}, 0x7) sendfile(r4, r7, &(0x7f0000d83ff8), 0x800000000024) creat(&(0x7f0000000200)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x50, &(0x7f00000000c0)}, 0x10) [ 531.828150] *** Guest State *** [ 531.832037] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 531.841496] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 531.851389] CR3 = 0x0000000000000000 [ 531.855358] RSP = 0x0000000000000f80 RIP = 0x0000000000000040 [ 531.862826] RFLAGS=0x00010046 DR7 = 0x0000000000000400 [ 531.870915] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 05:58:54 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000006000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 531.877876] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.886427] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.903666] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.914113] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.924985] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.934143] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.942880] GDTR: limit=0x00000000, base=0x0000000000000000 [ 531.951118] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.951133] IDTR: limit=0x00000000, base=0x0000000000000000 [ 531.967594] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 531.976114] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 531.983285] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 531.992099] Interruptibility = 00000000 ActivityState = 00000000 [ 531.998692] *** Host State *** [ 532.002124] RIP = 0xffffffff8120427e RSP = 0xffff8801846f7390 [ 532.008302] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 532.015375] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 532.033977] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 532.040317] CR0=0000000080050033 CR3=00000001b94bf000 CR4=00000000001426e0 [ 532.048824] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 532.058645] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 532.073341] *** Control State *** [ 532.081143] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 532.088150] EntryControls=0000d1ff ExitControls=002fefff [ 532.089751] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 532.103835] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 532.118356] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 532.125489] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 532.139243] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 532.156825] reason=80000021 qualification=0000000000000000 [ 532.163551] IDTVectoring: info=00000000 errcode=00000000 [ 532.169153] TSC Offset = 0xfffffee0e305426e [ 532.173665] EPT pointer = 0x00000001d128101e 05:58:55 executing program 2: ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000010000000000000000000bc80128000000000000000000000000000000000000070000000000000000000000000000000000"]) r0 = getpid() getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000400)={0x0, 0x81}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000004c0)={r1, 0x8}, 0x8) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) sched_setaffinity(0x0, 0xffffffffffffffd9, &(0x7f0000000280)) r3 = socket$xdp(0x2c, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000580)) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380)={@dev}, &(0x7f0000000540)=0x14) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xfffffffffffffffe}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x2007fff) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000000)=r0) write$P9_RXATTRCREATE(r7, &(0x7f0000000140)={0x7, 0x21, 0x1}, 0x7) write$P9_RSETATTR(r7, &(0x7f0000000040)={0x7}, 0x7) sendfile(r4, r7, &(0x7f0000d83ff8), 0x800000000024) creat(&(0x7f0000000200)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x50, &(0x7f00000000c0)}, 0x10) 05:58:55 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x100000000000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c00000000ffe0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:55 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x80045301, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 532.265384] *** Guest State *** [ 532.270018] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 532.285780] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 532.294991] CR3 = 0x0000000000000000 [ 532.298969] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 532.305389] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:58:55 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() r3 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0xd167, 0x80000) ioctl$BLKALIGNOFF(r3, 0x127a, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) [ 532.336499] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 532.360922] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.376066] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000003f00, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 532.384795] SS: sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000 [ 532.394387] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.402616] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.412697] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.427089] GDTR: limit=0x00000000, base=0x0000000000000000 [ 532.453913] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.468820] IDTR: limit=0x00000000, base=0x0000000000000000 [ 532.478536] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.490339] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 532.497015] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 532.513204] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 532.528019] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 532.528045] Interruptibility = 00000000 ActivityState = 00000000 [ 532.528050] *** Host State *** [ 532.528063] RIP = 0xffffffff8120427e RSP = 0xffff8801bb59f390 [ 532.528086] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xff0f000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 532.528098] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 532.528110] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 532.528125] CR0=0000000080050033 CR3=00000001c9005000 CR4=00000000001426f0 [ 532.528140] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 532.528158] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 532.598930] *** Control State *** [ 532.603672] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:58:55 executing program 2: ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000010000000000000000000bc80128000000000000000000000000000000000000070000000000000000000000000000000000"]) r0 = getpid() getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000400)={0x0, 0x81}, &(0x7f0000000440)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000004c0)={r1, 0x8}, 0x8) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) sched_setaffinity(0x0, 0xffffffffffffffd9, &(0x7f0000000280)) r3 = socket$xdp(0x2c, 0x3, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000580)) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r3) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380)={@dev}, &(0x7f0000000540)=0x14) r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xfffffffffffffffe}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x2007fff) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f0000000000)=r0) write$P9_RXATTRCREATE(r7, &(0x7f0000000140)={0x7, 0x21, 0x1}, 0x7) write$P9_RSETATTR(r7, &(0x7f0000000040)={0x7}, 0x7) sendfile(r4, r7, &(0x7f0000d83ff8), 0x800000000024) creat(&(0x7f0000000200)='./bus\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x50, &(0x7f00000000c0)}, 0x10) [ 532.610860] EntryControls=0000d1ff ExitControls=002fefff [ 532.616764] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 532.624153] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 532.631412] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 532.638177] reason=80000021 qualification=0000000000000000 [ 532.646686] IDTVectoring: info=00000000 errcode=00000000 [ 532.652922] TSC Offset = 0xfffffee0a764d73a [ 532.657562] EPT pointer = 0x00000001d394001e 05:58:55 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000002, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 532.782948] *** Guest State *** [ 532.793795] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 532.803224] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 532.813712] CR3 = 0x0000000000000000 [ 532.817747] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 532.824600] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 532.833129] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 532.840426] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.848842] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.858231] SS: sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000040000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 532.885071] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.902068] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.904123] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 532.911916] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.938882] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 532.954295] GDTR: limit=0x00000000, base=0x0000000000000000 [ 532.966582] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 532.975017] IDTR: limit=0x00000000, base=0x0000000000000000 [ 532.990652] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 533.003780] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 533.030533] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 05:58:55 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000804, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 533.038357] Interruptibility = 00000000 ActivityState = 00000000 [ 533.050355] *** Host State *** [ 533.053846] RIP = 0xffffffff8120427e RSP = 0xffff8801807af390 [ 533.061979] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 533.073429] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 533.082406] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 533.088406] CR0=0000000080050033 CR3=00000001d8cb6000 CR4=00000000001426f0 [ 533.095928] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 533.110687] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 533.116946] *** Control State *** [ 533.121630] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 533.128947] EntryControls=0000d1ff ExitControls=002fefff [ 533.140013] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 533.152666] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 533.166836] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 533.173995] reason=80000021 qualification=0000000000000000 [ 533.180752] IDTVectoring: info=00000000 errcode=00000000 05:58:56 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xfdfdffff00000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:56 executing program 2: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000002, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 533.187720] TSC Offset = 0xfffffee060f0883a [ 533.194731] EPT pointer = 0x00000001d83b801e 05:58:58 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x4058534c, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000008, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:58 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) write$binfmt_misc(r0, &(0x7f00000000c0)={'syz0', "df518508c0324f2d52950bc236eb8faaec6578758f76d3583096b762f04ae99ac2abe8"}, 0x27) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000140)={'team_slave_0\x00', @ifru_settings={0x8, 0x5, @te1=&(0x7f0000000100)={0x200, 0x3f, 0xf15, 0x4}}}}) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000280)=@req={0x28, &(0x7f0000000240)={'ip6gretap0\x00', @ifru_settings={0x8c01, 0x80, @raw_hdlc=&(0x7f0000000200)={0x1, 0x9}}}}) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) 05:58:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:58 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x1f000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:58 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) r3 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x100000000, 0x101000) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) write$evdev(r3, &(0x7f0000000300)=[{{r4, r5/1000+30000}, 0x3, 0xffffffff, 0x6}, {{0x77359400}, 0x17, 0x9}, {{r6, r7/1000+30000}, 0x15, 0x10000, 0xd8}, {{0x0, 0x2710}, 0x17, 0x1, 0x40}, {{r8, r9/1000+10000}, 0x17, 0x8, 0x1}, {{}, 0x0, 0x2, 0x3}, {{0x0, 0x7530}, 0x12, 0x0, 0x6}, {{0x0, 0x7530}, 0x5, 0x3000, 0x8}, {{0x77359400}, 0x17, 0x7f, 0x1}], 0xd8) [ 535.342882] *** Guest State *** [ 535.347032] *** Guest State *** [ 535.356094] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 535.366307] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 535.375962] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:58:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000408, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 535.389534] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 535.391240] CR3 = 0x0000000000000000 [ 535.404185] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 535.412644] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 535.421872] CR3 = 0x0000000000000000 [ 535.430395] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 535.433954] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 535.443669] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 535.450552] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 535.452508] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.457433] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.475575] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.484295] SS: sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000 05:58:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000001000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 535.490116] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.492659] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.503329] SS: sel=0x0000, attr=0x00085, limit=0x00000000, base=0x0000000000000000 [ 535.508726] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.525500] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.535927] GDTR: limit=0x00000000, base=0x0000000000000000 [ 535.542530] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.544216] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.563539] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.572328] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.580965] GDTR: limit=0x00000000, base=0x0000000000000000 [ 535.585165] IDTR: limit=0x00000000, base=0x0000000000000000 [ 535.589408] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.598302] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.606329] IDTR: limit=0x00000000, base=0x0000000000000000 [ 535.621437] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 535.622197] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 535.635462] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 05:58:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000008008, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 535.643612] Interruptibility = 00000000 ActivityState = 00000000 [ 535.649524] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 535.650001] *** Host State *** [ 535.659638] RIP = 0xffffffff8120427e RSP = 0xffff8801814ef390 [ 535.660907] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 535.666510] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 535.680708] FSBase=00007feb57c32700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 535.690164] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 535.692735] Interruptibility = 00000000 ActivityState = 00000000 [ 535.696175] CR0=0000000080050033 CR3=00000001c549e000 CR4=00000000001426f0 [ 535.716134] *** Host State *** [ 535.716503] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 535.719667] RIP = 0xffffffff8120427e RSP = 0xffff880187597390 [ 535.732723] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 535.739518] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 535.743003] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 535.748036] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 535.760178] CR0=0000000080050033 CR3=00000001d95f9000 CR4=00000000001426f0 [ 535.767594] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 535.768701] *** Control State *** [ 535.777886] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 535.781700] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 05:58:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000010000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 535.784677] EntryControls=0000d1ff ExitControls=002fefff [ 535.797061] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 535.798526] *** Control State *** [ 535.804352] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 535.810407] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 535.814575] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 535.814586] reason=80000021 qualification=0000000000000000 [ 535.831539] EntryControls=0000d1ff ExitControls=002fefff [ 535.842231] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 535.844620] IDTVectoring: info=00000000 errcode=00000000 [ 535.852045] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 535.863808] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 535.864238] TSC Offset = 0xfffffedf03021315 [ 535.871377] reason=80000021 qualification=0000000000000000 [ 535.879316] EPT pointer = 0x00000001bae8301e [ 535.881804] IDTVectoring: info=00000000 errcode=00000000 05:58:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 535.891807] TSC Offset = 0xfffffedf02217f19 [ 535.896529] EPT pointer = 0x00000001d1c3701e 05:58:59 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x40a85321, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000004000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:59 executing program 2: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000001000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 05:58:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 05:58:59 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x3f00, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:59 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) r3 = socket$vsock_stream(0x28, 0x1, 0x0) r4 = syz_open_procfs(r2, &(0x7f00000000c0)='net/rpc\x00') getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={0x0, 0x10000, 0x7, [0x1ff, 0xf83a, 0x6, 0x8841, 0x1, 0xffffffffffffff7f, 0x6]}, &(0x7f0000000140)=0x16) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r4, 0x84, 0x5, &(0x7f0000000200)={r5, @in6={{0xa, 0x4e24, 0x0, @mcast2, 0x401}}}, 0x84) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000ac0)=0xffffffff00000000, 0x8) 05:58:59 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000f6bfe8)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, &(0x7f00000001c0)={0x4, 0x8}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x3c) futex(&(0x7f000000cffc), 0x80000000000b, 0x4, &(0x7f0000000040)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f0000edfff0)={0x77359400, 0x4}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000fd7ff0)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f000000d000)={0x0, 0x7f}, &(0x7f0000048000)=0x1c0000000, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0xa4, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0763044000000000db6a35386f516ae195666675b2bf3a37c0ab8a303b7bd3a694087b97ff41b8836ab9ca5c3268dcc2c207fbb6aae9d21926651f0339eb3c6eeaf0c9bdf084ab672b54b73d383ac288ac1a0092f9f8aecef103dff9a2ebe767c8d9fd3643a5d917ba249cc54f8a450d2fa7fd94e0b80f4e9d2a63d59d2e59f6a8926c1bcab915e54e3eb934406d9ec647d2d6df3addca885cefe94c615dbfbe8ac18ee2853137caa0a34b90"], 0x0, 0x0, &(0x7f0000000f4d)}) accept4$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @dev}, &(0x7f0000000200)=0x10, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f00000004c0)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)="80", 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r1, &(0x7f0000000240), 0x20000102000007) fallocate(r0, 0x10, 0x0, 0x400) ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5}) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f00000002c0)=""/9) semget(0x0, 0x1, 0x20) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) 05:58:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000300, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:59 executing program 3 (fault-call:7 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:58:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf3fd002000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 536.442238] *** Guest State *** [ 536.445896] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 536.456545] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 536.477210] CR3 = 0x0000000000000000 [ 536.482376] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 536.491161] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:58:59 executing program 2: r0 = syz_open_dev$sndpcmp(&(0x7f0000000600)='/dev/snd/pcmC#D#p\x00', 0x1, 0x8000) r1 = geteuid() ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000680)=0x0) r3 = getpgid(0xffffffffffffffff) sendmsg$nl_netfilter(r0, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1040000}, 0xc, &(0x7f00000006c0)={&(0x7f00000017c0)={0x1640, 0x11, 0xb, 0x700, 0x70bd2d, 0x25dfdbfd, {0xc, 0x0, 0x5}, [@nested={0x100c, 0x8e, [@generic="d3ec6b4a26c2e1f750ddb19e5b459ae805bae8fa29d523fb372d85cbb0c3c33a4eb38a656984860433df0896a6541a627509d86775d3d092db609b128226c6fd693ff1a600325e1e8e95bdc4db1a04e354e0ff24341054b24f02a884e58360d5ee89fa70cb73cc0f4a573e80d464c87215edb124fd6137e5acf9cd2116e968ca80dc341e39a7eadc78149441dbe472e4190211c415ce72172b079346cba3312abec807a70c0dd24ba48f96e09b155ede4b2dce5f5210ceeb7218f8d282dd578759fb055678cb63f0031402afe315b39ccc76debd6e2ad5a4d8ef73550aeaa05f39f4d94e0962af97a1f2f1e0a7a7b179d1799004be41df16dae40459aa5b07e1899a67ea22eec4baf8f7ebf35d24e20c8084fe84fdcc080958379b9930cd82b35d0db5ed2316ab3afe4296e8d39b8f2816941f18ec6835d95592efbfee9e5990669c7ca3803e23a164a9098039bf8f4bed4ba477b3d2379c7cc37f75186bfba129baae43fa75602beceec768e638fdb31cf308ac95d22817e89ae6e59cd90ec9b3c6163620cb0690e0a73a8a122adc767c8ded7eae2ad6c35ead24990ab26eac995e3d329bcf447dd0ffde278f660b1e9b50e9a05d38c981593c1b7863d221832463d089470b0762295e35426c65b3e47b71dc41013d5bd155605f3beb0820fdce896fbf9f5869aabe0bd552fcd191e2d56852354963c1aa8b84fccdddd2e6ff3a44d1963983cb135c491b77b82172536b4816c593aac5329ca0b6527f0c9b8a989b2e01d19d8bbc22ecd4393a0156c86b26f08370b5ae2ba8cb70f2d7f953d8afa3785f1f0b619b89003fd634774f309762ebc77c3dbcb6b7fb7a9ac1fd4e63375995ca3995c987792e62dbbab353015c12b5d8191e70985971ba782caa724c66a65972311bd65bf6f0318d39b63c84d38b2d8c0af15de2f17cb9bdb1d92845b56d34edb10c4964591c7100b40e95c38d99827243f081947f7984c4abef3cfaa796c1b4142a4813d998bcefdc2b453671d687cdea7ef1b45cf7804b2cd43033c1b09016e9ec19d4e6eaa23b1f5eed3900e04d848e127095b25151a0f52efb4fabdc0f5e431caf663a216598e23bb1322d09a323a6086f3e2c541c9e5510a9cc4f709e8f91f79bc8469f50996732a8680077589c2ba64263ac9542de24da6190bd4575f9e51f4c501d99ac18998873255240a837a1fe213b808d59ea323b58d9cbff4c0eb640f8b4ada3efd7bea30acee736de9397419e21bf15c792a93d66b10f1100d8eec4596fdaf0598d13bbd289e086be45db66f52cede5b0202b9247a220502faecb2e93c28cfafdf37d4125169159e4e7bfe9a9c528d8918a6bb0b0bf7d3bdc7de7a41b6e8347e26afca8a359edb04356873c4130aebf7d58c8ebf5f8fd870ca898f10fd15b97819376094aacc1ae2e3e40bfb078820b84aded8e0a87973d13e854d28f41959178e007004d97a0947d6d970c9e09a25599c96a03bfd595fd92eb2fae6a989c6197890308f4243d2cb1a0ccedc9f129a6db3ba2883077f17037f8f59550006e81e73fafb5bd36f90f7bbf5da7cad7d51a6689ea8088ad6a23d6e1bb6c127d859c05120ba58fc321e1c5e0b87b73955564f56ee45a2ea36a1637af3122fec10d934e0293ff06d2d8ff95708d9cef013b4be230876794812c59e5de513c017e2c2dbce4977ac3df050c17acec87e54abe0694bef1cba45d6f27241d7d897023f38ab44c3dbfb10cd23214f59b583c75e03dbf0e146ef40aff462274725e973821df4cb70f056fc9842b141799f6d3004d1554326c9f4fff1af59ce04b89240995f40b38bb835198201aaf57d8d5660fba195524d044faf42e61499197df2077a15e4576f5af3a30ac1cca7d6a2062c68f1dadc45d333cb5d4cd429a8ce6c2b0dbcbe2fa998fc130583ff5c50a652a0252bf22dd6dab046813096ebedb0c0d04f83ab249c59bb2b5b70e477de92aaa3ed2a13a5b22b471de34c07056d85444b935a5fd5ca18dc32f1ac2b363557386aa564f7173dcf48fc4174ef87b90daed0d9ae7637bb9fa8de6c2d49086dc7277820c8617ef1ff0538edf521aceede53c93edadde5362fb9a8c934dbbbb5f1bab3038bb1c5d8aa471c01ed20b02baf5c716653acbd2cae6f8d590be8cfdda678b851ed1ff774a57a79019b4d9df452db95ffb4a09d27492b5e159fedd5cc9f44f4de2277e77e96b43ced3fc9897fbf444ea569c8351cd739de8a471b8d1ced90fce361fb70e61eaa837b8b9c5636e7af1be5e11b023cda8e0fd64030c835a3d5f44bb5f78d088a417596e6b2749989aa6bf93cba02addbb42a4fc907605ca7916af5992041d4d847147b34af9762b54c2479f692b3e6317d9ae0ae5603d44a2466d6010e19fe4d105b49f52bba8f8a674f42c3e8f21289a2b88d4920d55235ab1c22701714efc42a8f70a98b64cf2eff0fc1e11982294aeb47570a433d349607a91f7e31cc3ae909f04a2cbfdecde5dddb8c387beb05d90764abfb343999fa9f60361476a53395e68242e769dde3adce6b7b2dab597f10d36ad9c3161c6672a7877669009fa9e18ef25087d1c5ae63a1843d79673bc379b771501e8f234ef3769242815aa97c0c27e9d2fc7e62a2f661130ae82d7c613d0b42d63ccd05f5a427a3fd4b3441dc31da8faf201e3570d7f46f438c6983453da3c37741ec2001fffa960d8e9ef706ed8af710646220de4eaf1b80e9e08f9cd87b41d647dc763978e1b52644c2d8972a0cdae7c4c80ed2406522139430b7b2fa6025df49417c50e23a9c6b44e1cfccc2d023e914251e862315ea9fdda4b36eaaef860055215a0769d2dc29e586dbad7058de835e0fb0c278e1ab037f440bd5071c0bac7562e53606408340835fa9aa5ec548e98b82fd3738cb791ebc4c3244ec6452af9bffc7950b15ff23dc9c9d588459c1500b7ff4faba4be662544e36bf538a58273c3397c76916a50fff4f4fd60a85b95e80deaac29b74dcf5ef4e8757eb8970e5cbcc5c192baeb2f02aefa211dbb61cde13dac168c13a2768add85b8b079fe01f9cf5dad4c5ccc281bb73e82a096a810330cb5bdf563e9fffd5c3abde40cc154e3bf17f1e7f3b827d8c5ad69e475bf6cd729e036dd894d79631570fb31529d31b189d0da2a834b0d81b213941f460071c91cdeaf5fb4e23d915478fab80fd2ffcf08471b6278e1b73c01f798bb5cf5abaafec841f439e5cd2bc997d0d1b0b497cd961e3fae6dfb7bc01894258f56265f0c82fe26f9d558347397562334d0752821a50d522d244edf935c13bf67f7be50c3af0bef6940ae7d04d6ec5d843cba0cba338a49af2635b549420892fc953d474d70b017da534a2ed8bda5518ed7f31b492ba68a561fbaae16c94721d4e7dcc584f99aff9e78729d0ab746ec2e5468fdff43031441048b080694d723d09f9e077f152a44e864a0a4bf8f74751d18acaaf92540a5f55e871115a8f4fa7f63a9f01cc9ea4657f82467aaaf8bc03a98a32239a7883b7958c8212ca7333318da4d903395e0dd5a717884d41ae6666e5c7d748f8c1cfdae0915bb2681c5e7d26780d945f2152c055430ef5644fac4206f7a5a2871625fd0108b4a1a595209709e5f31e44e844346008f34becb93c3cb91b41af423480c4aa29c0c828f942351370f066a728e6f848bce4bb9de93fd6d5f57c3a2d950818d97034cd67190c4631125f0edb53fb2d7cad66caa89005803bc4f059d7cc3117ce2875263d3584a3de2658cd379fe19160db1a573daed95e81912d6858173ebb1fd6bb067d48dce31ca6968b4ff92afb8ff6ab14deaffcd5c752212cbb892a0d552b5a098b38dd41e78ae94b7e3d2695c422ee505fd1d72b2177105ace18b7c0143282615a5d0a97b9b66855fe5bd154f1bcf53ffb25fe3ac17dc466091432d3a269a943b129c87fd176db1804549126198091318603ea9f493bc63985de3fd20be7c09b403adde3ae0dc518309a840e91d89ef5f8b55845b0ed011bab429afc6910e11e7d160b30acc027d36d3d3a8c12ddf2e61fb894c322336de0eb28df1e865430a4cb0774e5a630a01c26b1b45ba72652f166d42617517a9f3860bf5ee1fd34697843eae8faf291c5b889ca3bde6d416faeabaf78d1bb20b8631e0cc2c3e65ec45028799558da66ad6859071dc2c5f7a6f865432110aecd7239c3f4842d5eeb4b4f3557dfb629abd70837bcf6cf31f818e5d3d041bab1194f7bf5e6e288917f144af4d1ff15a8fddf6ff47e129f573e132de5b91fffde39965c863faff19da23d6e7d7d630834b1e5b5c8ad52b92dbca5923b087b99faac166d7c1ea3e70e8a91fbb0c5bbe0c9d84d82d83a43bf6442526b840c4e877dd0215f80c442298b13fb69693be6d5ea99e03a79b9283203f15e32bcd38ce0f8840920953d182b2d6e805af26e35cb4b3fc7cd124df934519549a4f477598bed4be327324cbec5546bc7f886976b300d4488d410b4e3beeaf08046218027a216344107fd0a9ed5f82e199897fdd48c42ab976f9c05050b70db1a623958507b4e46a0dafd511fe732fac50e1171895232fdcc4d9dcf1200cab5a5e3df3ae80b7b19f5bec478c4b4f7b72e461b68842fe119d6771be7885363abd651f9de3080b6c65627872329226602448076c2ac3ca674c4e645b12b2fe848c71c1e7a432a6a55de913ee2aaa7e477b630cb184a5324d3e794aa92a47819eceaf1cd97e0dd57ea331bab800a57e1e6b3bcb89ea3f83dd6262fbb621933d67053f68f6766b853aefff94eac8cca9bad351f5c85536e57d39c1d85365321abbe90066eed0d7f0701795d9b522ff51c122099dfc26b0789b25413c1c64b409df351c0addeed2c1d0e502426aba15ccfdc1efd6c3cb0c4624e07ae452796a1a3fb0439513cc106bfa09c82986b239b5fb18fe569be4df6bbee52c78cb1acc70d85ec3bd23798dadcc2263d0ceca11f35343df9dec835daad30d27f88f04722066755c9e5843a3f50998cf483deab6ea227fbfecb9f270ae7542ebf2e94e5ef2a0d0aa9d397d34afa18be88dad9de7a0b33880c63ee207cd6415e165e35b1ec9ffd5d9a110cc30b7c645fed7b8d2b45f73e37dfc3ccad99db275a3789be1f5195f514a975d89e7231d432bc5f5b53a6e613ded163e26f9b6a3964c8969155aa87414f7017d81f4e0a7e41082c292d61bc4daa50cc1acdd75744945187df0184477e8da4a61e59d8d7ab11e4d813efd664995ccafc94b4d7b60d38c9dd4eddb54e2e0ecbd0f91db9486b6eaceb5d52b4103456069786f81c46877daed081af75209956745cc33a3b329f0585044b770132d58e62c34d67962f55a646e1e09b8c0fb57a5f79f66a4c0eee48cf8a17c64f50200ffdc7ca107ceaf7f9190998da2c39bc8a35571c1a6541882f2c104e8c28d9ef1b1c2b5cea1648c6664c57ecdaa93fb12767474be9ab96cbf0228f12fab993be3378f2953cb42542eb6bd4f3e08ee1cd8031adf44d6450314ee15aa2d07563ea858b6c120534f706ba786d8a8b4bffbd2fed4bb71cd9f148da93bb41394a223d720a88623b4421f212ebaac0a1475e973f77e8bce815c19a503fe18236f37b0b3b46434a1697af0ddadd56f157b656b89fdc22634d1886b5f687766a196962733d6b512457758ce478e3e34e7efe72b03ab4e3a4f5ff2dbfd508f0f076bb9751333646b7cab3ed86b2d74b5f8c14f484963c41a06984a47f89cce2934d5b681eb2e69c3abacc9a169c9df720b97a3a5469512a98d0c02d877a81842d2429ddc991f3f39502c643945fb", @typed={0x8, 0x76, @uid=r1}]}, @generic="90c0fdd6daaf62f7d2696ec794b7912c6450110f988290d3cd48d4da2477f3a706282a6edcc5bc0c4ff34c88ef06d763091fa826e9459234f6cff5da59f95523bf4867f87b993db7c33e31b5f5f28d96d2dc9378fd783175b7da7b871ef8e78c60698759676f3349646c34d1bc1e9ee00e3dce88fa4b11ed1cc486bd1ca3a28ba984dca2599f3ce920eb741eb7e9d1", @nested={0x1c8, 0x3, [@generic="51d00a02b3c1d0106cfb18c4d43b2116ce80284ce3a24f5d9549080a26f0f7b9aeb3b25e0ae414f82c106881f91dd49671bb0489b8966ea83dfa9e4033808c377eb49d4c9ae806af0d822b51757ab265b1323a254c3243dfec73dd03565592953f744de386f3d28ee2abb4a571c7ec5e553b4750bc557cd24ec99c935753538d590e915953110e74ff31db9bf7546cb4108149cac4f31231367db2a40ccf7ab10ac02697be99d8abfa61d55b5b5b3e1e7722ce5343796ff00dfb517cabf1b71ee3bc426b1877af8da184", @generic="a93edb4825944f865f5c824f7820aa7048c0d1c8cce8647b76e1b10c32406b34f265a27b4b3f697fafa12d5aadb6bf", @generic="f29de521626de2cac7bb76eb4846406b99775ce580ec26b94f9c3b7d74dd793f1f2ff2ef5ffc9756b39136b283fb039dcc28c32e17ca93e2d71e61e1f0ec58864bfc13529ab1eb6c23ba8372f60e7b0fcb6c66a484789e9454ea5de21d2d72cb4274b89ef39a6065a74b681e1cdcc282074b37359c2ccf5697a9e944feed6a64ba878911fed2a783e595fa756535c01c32ff64a534ff99a6211e8c3ede736ffd84f6e3c4e7a65e13526b87aa17dd51ca388ddb19c1831f48ade63edd42e34b9170ad07e3cb2a1e28"]}, @typed={0x8, 0x4b, @pid=r2}, @typed={0x4, 0x1}, @typed={0xd8, 0x2b, @binary="ec908b64bc74e5030136468debbac63a93a762fb48dee41eece874f6f455896fc1b4db6a5afc3c725166d064385225d8c56cda5496ec9901a7b1469a97ddff3d2fbee8f7e268a1aefb394017a64057d2470bba23331ec13e4d560ea44257d8bd5d5d44d020c05bc1a99033ee45609b7769574648ae00500222b6594e8999c39c048296eabdfaf05373450cd37c30bafd96408141c883a7116a3d1cc100d6768c12c9944150c0e0333ba8e5c1f89be79db13f1d0549b4a449ddb35826d4aeb730081119e93effc5488b016c70e70aacdabf9f"}, @nested={0x2dc, 0x15, [@generic="f558a020a6f1779b8473bc1497cd0157dba160658a25f9713c0bc469400731b3cd1813b3d1945b974242783bad115a585b69aa29630fb7d5bb5f5d9184ab63dd958ed721d1eb56da369b98d92b14d812cbdbda2b8af7fc817c6c80100e408178ba274ccb37d7e565b9ab18f9066b60aae7a2ab35caa8ef9ae119302ba6ba228b963cc6bb5c518ecc77fe4d58d796df3cf920ca400f97dc37460af0d19e87bcbd81f7567eff984b3bcd76002f", @generic="8cb3fc0119ed9e4f31a3d66e48a9a0a4f3e91461d46318e6e489015796a20cfce9c926c3b501650a43522a4a24f48c64018b2129deb25a331286660a25236949675524a3717f908968e36468c4ee783242e277ec6f0bed57149d99d0b96f893170bdf32b48a48c877110e9a87d30cacc66fd10a1f90cab4385af1a7e3366c5fe1477b4bf72c623ffe2425920ca06e59f35711cecca7211f5f5b2fd42a923f5596bc161b8f649a3d3363ff7dfd882745f201f1f578a25ca58", @typed={0xcc, 0x4b, @binary="79e6aef0506684d125de78499ea03297782e10f13e8ef29c185fbe1661815d1e3e9ec2033b36acb96072444d2c204ffeadfb359a0cd34e88addb5409f1ad9483edd1aa14ec314ce37ebd9ac7766df6bc71e4f8fb553ffd2cdc1786efe9f7773bf4cf850782d92531df10fbd8fae5ba46276b93d6c2c0ccede35d38695528db6ae268728cb2aa36343cc059aebd2ce66cd7ba8d2e7a81dddb28703c401f332fd822f82d378e95697fdab691b94500bd8387886d98646dbaadb9cf6a76cbb169183c2ea742c0508d"}, @generic="a507157c2e1d88cda8b0c6e8486e43c591b210927af510d142799d6a90d9010811530aa14ec462815fe7c13e57a9fb0b76a684cc3bc27f84e1af1e3c947612fa80db61f490e9da2db8424be7a8c64a618c89a3f6fb9c42a2921fa9144952f9aae46a7a3f16ebf65f70ad59156d4751399e5825", @generic="d8d9852c978d50ba09bde9958b6968bccfb80881fa52ebf8fc78c3052820559867a6aea0ebf021175d07be", @typed={0x8, 0x37, @pid=r3}]}, @typed={0x8, 0x13, @u32=0x80000000}]}, 0x1640}}, 0x40000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r4, &(0x7f0000000000)={&(0x7f0000000080), 0xc, &(0x7f00004ca000)={&(0x7f0000000100)={0x1c, 0x0, 0x207, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x1, [@generic="06"]}]}, 0x1c}}, 0x0) sendmsg$nl_netfilter(r4, &(0x7f0000001780)={&(0x7f0000000040), 0xc, &(0x7f0000001740)={&(0x7f0000000180)={0x249, 0x3, 0x0, 0x21, 0x0, 0x0, {}, [@generic="85d113945042bf943706da0097f9536dc96a7933c007975140b95c3127aa2a4fc6f333b3ec9400bdb296999ff05f5108d2e565fa3b41a50bbc42abf9007663bd78c5b324f9e0790318549e93d210db3c608763d4924c47969ef649b04370feb2f8243cd7c9", @typed={0x0, 0x27, @ipv6=@mcast1}, @generic="6b8db96b474f99a67f324dc1ae9c5ec92d4a555936344ab2e7c53a2d5e5fe8c8f856ae9cd4271ff0cff5a9c9de5ac42192978aac47aaa145ab9d4ce409543a9b1e952800afd11de4dd62939143c948221218dbfec802f36f0b492514dff155e07b8611df5777a65b6a34627b01fc0e98a24410fbfeae066c334672e31b6f2fd52e7bc5c3cb62399a28f8f6475f5942c5ccd0b144893a0c7de228465dda34f5c0e67533bd27bc06a66019ef74fe0ace46db2cba1a533fc961c2098897c29a6b4b68d5e445dd04f5368242cf9e8879", @typed={0x0, 0x43, @ipv4=@multicast2}, @nested={0x0, 0x31, [@typed={0x0, 0x5e, @binary="ebfb1602399736966a95e3d531c014c821b3fc30a41735015b2145672b8e3f25184c1419a983e5585a43e67eae3b7433cbceeed99758e8b1f38b6e5927fbbdea885c4e8eb91eb07aa3b931e6b9fdbcb53382e42e5a8f2e22e3054428f9f033eb186def33b4e0b83f1708a052d9d27d68aba956c924f28b1ece7d22b29fd47997f9b55c584ed7be30b9d290f828d90da3b54344c401e75b9d516a677b67c13cd4254b9f5369718e4658241da2955b914dbbe8564a2cec0361e8d5604461ea"}]}, @generic="7e942f4618adfe5dcb0897b64c4ed4c33606a016416ad6e975313f9aeee8ce2e5fbb3b8fcc153b0dcba64bdff9ef7df7d9f8efb00eef1839869d89ddaada16e38fa830e84882453a09c86b0c5aa64e2cb5659036f99fcee8ab4e4006586b3e17e8a72fe490ac36be0eb8df071bed902eeb327913e5c48a6317859277aeb1d8f14494a2fd903962b40bdf0decfa0b9927e9e3b2624b6af71042af7b97fc6eba682ca6200624af28ec55cd52a2c4278805193c5bc16d4cff8eb1ae208527932c0509738414794cc25219300977da01d8f7e17d55affc739258d8c360edd2a2ebfd7964d65c8c93a247f2b01218b3a5462860e7bde891713d187508fb04", @generic="17030a686207eacb64db456c8d86ffb153515e10b657f70576032672cb19c84fd1d2cea9e5273d6984efe265850cd1043e5d35eab75490e09d4665ce43d6404fd63a9fc4bf6152795246047fb22407b44ad84f8ea61b05aa0141b02985fccea559fafb41bcf014f30db10c114a8ff02ed982340f05c8d6893ab4443b21d7ba760ab8d4d794489b68ec71922199b62cbbae0e978ce182370b244517a2bae8b9f7943deb1c4a99e2d58df417e13cabc4906d645d4b383c250b4a32bcf9e0e2e93fd51932e5dea7c6a642752f5d5bfa5a5ffbf3e20adc"]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000000000}, 0x0) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x28cd3fc4, 0x200) [ 536.517201] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 536.533980] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.551556] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.560652] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 536.570170] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.578790] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.588505] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.601986] GDTR: limit=0x00000000, base=0x0000000000000000 [ 536.614185] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.622731] IDTR: limit=0x00000000, base=0x0000000000000000 [ 536.631044] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 536.640820] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 536.648684] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 536.656500] Interruptibility = 00000000 ActivityState = 00000000 [ 536.663296] *** Host State *** [ 536.666684] RIP = 0xffffffff8120427e RSP = 0xffff88018895f390 [ 536.673021] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 536.679716] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 536.687879] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 536.694105] CR0=0000000080050033 CR3=00000001c2582000 CR4=00000000001426e0 [ 536.701490] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 536.708182] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 536.714276] *** Control State *** [ 536.717741] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 536.725207] EntryControls=0000d1ff ExitControls=002fefff [ 536.730755] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 536.737696] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 536.744408] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 536.751031] reason=80000021 qualification=0000000000000000 [ 536.757351] IDTVectoring: info=00000000 errcode=00000000 [ 536.762849] TSC Offset = 0xfffffede6a76070d [ 536.767183] EPT pointer = 0x00000001c2b3301e 05:58:59 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x4020940d, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:58:59 executing program 2: getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000080)=""/40, &(0x7f0000001000)=0x28) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000140)='dctcp\x00', 0x6) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, &(0x7f0000000380)=0x1, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, 0xffffffffffffffff, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000280)={0x44, r2, 0x100, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffff}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x40000) clone(0x802122001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000700)={0x80, 0x5, 0x3, 0x63f50061, &(0x7f00000005c0)=[{}, {}, {}, {}, {}]}) connect$pptp(r1, &(0x7f0000000780)={0x18, 0x2, {0x3, @rand_addr=0x800000000000}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b700000005ed0050bfa30000000000000703000031feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000012d400500000000005504000001ed00001d040000000000002c460000000000006b0a00fe000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000100)='OPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xb}, 0x48) getsockopt$bt_hci(r1, 0x0, 0x0, &(0x7f00000003c0)=""/252, &(0x7f0000000300)=0xfc) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00000004c0)=""/93, &(0x7f0000000580)=0x5d) perf_event_open$cgroup(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1, 0x0, 0xff, 0x8, 0xfff, 0x3, 0x7d, 0x0, 0x0, 0x1000, 0x0, 0x0, 0xcef, 0x800, 0x0, 0x0, 0x0, 0x3, 0x0, 0xb56f, 0x80000001, 0x1, 0x101, 0x546, 0x8001, 0x5, 0x80, 0x0, 0x0, 0x7, 0x1, @perf_config_ext, 0x4004, 0x80, 0xfffffffffffffffc}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000540)) exit(0x0) 05:58:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000003, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:58:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 537.170649] *** Guest State *** [ 537.174307] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 537.184182] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 537.193769] CR3 = 0x0000000000000000 [ 537.197729] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 537.204392] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 537.211079] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 537.224474] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.233008] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.251205] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 537.263802] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:00 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xe, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:00 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000006, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:00 executing program 1: sendto$inet(0xffffffffffffffff, &(0x7f000001d000), 0x0, 0x4040, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x26e) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r1 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0x7ff, 0xc0) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000140)=""/6) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) tkill(r2, 0x15) [ 537.277039] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.306074] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.343691] GDTR: limit=0x00000000, base=0x0000000000000000 [ 537.364790] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.384302] IDTR: limit=0x00000000, base=0x0000000000000000 [ 537.398359] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.436947] EFER = 0x0000000000000000 PAT = 0x0007040600070406 05:59:00 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x10, 0x6, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x4, &(0x7f0000000100)={{}, {0x0, 0x989680}}, &(0x7f00000000c0)) tkill(r2, 0x15) [ 537.465354] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 537.495055] Interruptibility = 00000000 ActivityState = 00000000 05:59:00 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c0000feffffff, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 537.517115] *** Host State *** [ 537.526780] RIP = 0xffffffff8120427e RSP = 0xffff880180077390 [ 537.534626] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 537.569391] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 537.600784] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 537.615465] CR0=0000000080050033 CR3=00000001bb070000 CR4=00000000001426f0 [ 537.651704] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 537.679813] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 537.697059] *** Control State *** 05:59:00 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c0000e0ffffff, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 537.706090] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 537.720004] EntryControls=0000d1ff ExitControls=002fefff [ 537.726813] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 537.734634] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 537.743907] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 05:59:00 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x41a0ae8d, 0x0) [ 537.751332] reason=80000021 qualification=0000000000000000 [ 537.757832] IDTVectoring: info=00000000 errcode=00000000 [ 537.773823] TSC Offset = 0xfffffede06b29d42 [ 537.779245] EPT pointer = 0x00000001d288d01e 05:59:00 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000010, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 537.885096] *** Guest State *** [ 537.888767] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 537.898197] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 537.907675] CR3 = 0x0000000000000000 [ 537.912554] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 537.918793] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 537.925382] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 537.942451] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.951139] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.959322] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 537.968325] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 537.976991] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:00 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x408c5333, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:00 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() process_vm_readv(r1, &(0x7f0000002300)=[{&(0x7f00000000c0)=""/72, 0x48}, {&(0x7f0000000040)=""/37, 0x25}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001140)=""/41, 0x29}, {&(0x7f0000001180)=""/56, 0x38}, {&(0x7f00000011c0)}, {&(0x7f0000001200)=""/79, 0x4f}, {&(0x7f0000002280)=""/71, 0x47}], 0x8, &(0x7f00000034c0)=[{&(0x7f00000023c0)=""/104, 0x68}, {&(0x7f0000002440)=""/10, 0xa}, {&(0x7f0000002480)=""/7, 0x7}, {&(0x7f00000024c0)=""/4096, 0x1000}], 0x4, 0x0) gettid() r2 = gettid() io_setup(0x9, &(0x7f00000035c0)=0x0) io_cancel(r3, &(0x7f0000003740)={0x0, 0x0, 0x0, 0x0, 0xffffffff80000000, r0, &(0x7f0000003600)="64a993805d1aeaebead92b8ce1520a4996881c2b50aa482cdc12b4c05d9b34b36a72128880bb29eb03741b3998ccb9cc33e89684aa6a6af4417d05e019675c5eadbdaecb10acfecbd2d17ad7bf9fce601e21913e325282ab6b646dce3d8cd185cd3f9a414e90b1636375597a4065749a6a36da3b6f6dd3aeb59d6a11e504701f6a83a8f8585d72ef7379ef528db97ad318b104027693feacb33e8015ef94ab0dbbb94c7954151a3aec73d216e20d13af377fd6841f47811fe7eec2c38d86a73784e2bc913ddc98d97f8a5b2455131e6ece18134821cdc1eed2507e1ff4132ac8d1ae7b624cf1ddea06eaf34333f4c226ecbfb21fe5", 0xf5, 0x9, 0x0, 0x2}, &(0x7f0000003780)) openat$md(0xffffffffffffff9c, &(0x7f0000003980)='/dev/md0\x00', 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x802, 0x0) process_vm_writev(r2, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x281, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0) close(0xffffffffffffffff) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f00000011c0)) 05:59:00 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000003000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 537.999503] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 538.025304] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 538.052944] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 538.064326] IDTR: limit=0x00000000, base=0x0000000000000000 [ 538.085654] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 538.108380] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 538.117973] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 538.130928] Interruptibility = 00000000 ActivityState = 00000000 [ 538.147162] *** Host State *** 05:59:01 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000002000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 538.153283] RIP = 0xffffffff8120427e RSP = 0xffff88017b64f390 [ 538.164582] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 538.171751] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 538.190739] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 538.206757] CR0=0000000080050033 CR3=00000001cc6b9000 CR4=00000000001426e0 [ 538.240943] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 538.279176] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 05:59:01 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x3f000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:01 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000008040000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 538.305228] *** Control State *** [ 538.315569] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 538.339071] EntryControls=0000d1ff ExitControls=002fefff [ 538.345714] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 538.367537] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 538.390830] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 538.424301] reason=80000021 qualification=0000000000000000 [ 538.450972] IDTVectoring: info=00000000 errcode=00000000 [ 538.468876] TSC Offset = 0xfffffedda5aff96c 05:59:01 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000800000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 538.476046] EPT pointer = 0x00000001cb84b01e 05:59:03 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000001d000), 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/81, 0x51}], 0x1) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0xed34, &(0x7f00000001c0)="0a5c2d0240316285717070") timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680)) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000000c0)={0x0, 0x17, "9bc0aad933acd0aed94ed60f3773736ee26c9b8701107a"}, &(0x7f0000000100)=0x1f) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)={r3, 0x22, "e8755c55b73d2e99a5acdec271b7af1d07e9a7b4c9aa2491e1df1ae20ca4687ebc53"}, &(0x7f0000000180)=0x2a) tkill(r2, 0x15) 05:59:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 05:59:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000001c0)={0x0, 0x6}) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x2, 0x2000) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000035abe1e80d903e0d517ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000080)={0x0, 0xff}) 05:59:03 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa10, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:03 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x5421, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:03 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xe00, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000001c0)={0x0, 0x6}) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x2, 0x2000) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000180)="2f65786500000000000035abe1e80d903e0d517ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000080)={0x0, 0xff}) 05:59:03 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa08, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 540.640240] *** Guest State *** [ 540.644848] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 05:59:03 executing program 2: r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, &(0x7f0000000000)=0x6e) ioctl$int_in(r0, 0x5473, &(0x7f0000000100)) r1 = timerfd_create(0x7, 0x0) timerfd_settime(r1, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f0000000240)) [ 540.689935] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 540.726466] CR3 = 0x0000000000000000 [ 540.734224] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 05:59:03 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfae0, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 540.741052] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 540.747878] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 540.759585] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 540.768211] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:03 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000400)={0xbf, @time}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc0bc5351, &(0x7f0000000080)={{0x0, 0x80000001}}) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000180)) tkill(r2, 0x1000000000013) unshare(0x8020000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) shmget$private(0x0, 0x8000, 0x3f, &(0x7f0000ff8000/0x8000)=nil) semget$private(0x0, 0x4007, 0x0) unshare(0x8020400) [ 540.785059] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 540.806049] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 540.815720] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 540.824081] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 540.832441] GDTR: limit=0x000007ff, base=0x0000000000001000 05:59:03 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa03, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 540.843714] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 540.852755] IDTR: limit=0x00000000, base=0x0000000000000000 [ 540.862028] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 540.870269] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 540.876888] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 540.891362] Interruptibility = 00000000 ActivityState = 00000000 [ 540.900158] *** Host State *** [ 540.906970] RIP = 0xffffffff8120427e RSP = 0xffff88017f957390 [ 540.921276] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 540.927727] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 540.935917] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 540.942110] CR0=0000000080050033 CR3=00000001d194d000 CR4=00000000001426f0 [ 540.949388] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 540.956177] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 540.962813] *** Control State *** [ 540.966287] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 540.973008] EntryControls=0000d1ff ExitControls=002fefff [ 540.978473] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 540.985642] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 541.000033] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 541.008179] reason=80000021 qualification=0000000000000000 [ 541.015009] IDTVectoring: info=00000000 errcode=00000000 [ 541.020884] TSC Offset = 0xfffffedc32a4eba2 [ 541.025665] EPT pointer = 0x00000001cdddb01e 05:59:04 executing program 1: clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) clock_gettime(0x100000000000001, &(0x7f0000002fc0)) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x12b400000000000, 0x40) r2 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000001900)=0x1c, 0x800) r3 = accept$packet(0xffffffffffffff9c, &(0x7f0000001940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001980)=0x14) r4 = syz_open_dev$amidi(&(0x7f00000019c0)='/dev/amidi#\x00', 0x7, 0x80080) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/fuse\x00', 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001a40)={0x0, 0x100000001, 0x80000001, 0x7, 0x4, 0xffffffffffffffff, 0x83c1}, 0x2c) pipe(&(0x7f0000001a80)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001ac0)=0xffffffffffffffff, 0x4) r9 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000001b00)={0x0, 0xffffffffffff2b24, 0x10}, 0xc) r10 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$VIDIOC_EXPBUF(0xffffffffffffff9c, 0xc0405610, &(0x7f0000001b40)={0x7, 0x5, 0x100000001, 0x4800, 0xffffffffffffffff}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001b80)={{{@in6=@ipv4={[], [], @rand_addr}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, &(0x7f0000001c80)=0xe8) fstat(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000001d40)='./file0\x00', &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000001e00)=0x0, &(0x7f0000001e40), &(0x7f0000001e80)) r16 = socket$unix(0x1, 0x3, 0x0) r17 = syz_open_dev$amidi(&(0x7f0000001ec0)='/dev/amidi#\x00', 0x7ff, 0x40) ioctl$VIDIOC_EXPBUF(0xffffffffffffff9c, 0xc0405610, &(0x7f0000001f00)={0xb, 0x9, 0x5, 0x4000, 0xffffffffffffffff}) socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000001f40)={0xffffffffffffffff}) r20 = syz_open_dev$vcsa(&(0x7f0000002e40)='/dev/vcsa#\x00', 0xfffffffffffffea7, 0x142) r21 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001fc0)='/dev/sequencer2\x00', 0xc0, 0x0) r22 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x802) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000002040)={{{@in=@rand_addr, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000002140)=0xe8) lstat(&(0x7f0000002180)='./file0\x00', &(0x7f00000021c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002e80)={{{@in6=@mcast1, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f0000000140)=0xe8) getresgid(&(0x7f0000002380)=0x0, &(0x7f00000023c0), &(0x7f0000002400)) r27 = eventfd2(0x40, 0x1) lstat(&(0x7f0000002440)='./file0\x00', &(0x7f0000002480)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x5, &(0x7f0000002500)=[0xee01, 0x0, 0x0, 0xee01, 0x0]) r30 = openat$random(0xffffffffffffff9c, &(0x7f0000002540)='/dev/urandom\x00', 0x182, 0x0) r31 = openat$mixer(0xffffffffffffff9c, &(0x7f0000002580)='/dev/mixer\x00', 0x800, 0x0) r32 = openat$dsp(0xffffffffffffff9c, &(0x7f00000025c0)='/dev/dsp\x00', 0x101000, 0x0) r33 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002640)={&(0x7f0000002600)='./file0\x00', 0x0, 0x8}, 0x10) r34 = dup(0xffffffffffffffff) r35 = openat$full(0xffffffffffffff9c, &(0x7f0000002cc0)='/dev/full\x00', 0x20840, 0x0) r36 = syz_open_dev$dmmidi(&(0x7f0000002d00)='/dev/dmmidi#\x00', 0x3, 0x4000) sendmmsg$unix(r1, &(0x7f0000002d80)=[{&(0x7f0000000280)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001840)=[{&(0x7f0000000300)="1aa780509d77840802bd296be1aa1f3bead7cecf90e469163f06157286cded2d31c7092ca2d6a0e7e86bbb50bc630d5b10a78fa50a870ff0a291d830940e6221184e60ff8ed07a8e3b321b4bf40074d83e1ce242b8297a25bb67c234fa9244a21c66a39dc523e2698bb214bced165fa2d94ab5b78c2d27eee32286382331d0ef0ca4f4f2b243e159bbbde7b3d3cbc8f80775965b0d3a6a375c7cd847a6c2ee80b5c10a513942cf276394eaac5af753aaaea94e76b7598e195f4cab41c35d6828d5b9874d11f0bbd8575f68bbc0c6", 0xce}, {&(0x7f0000000440)="a168c2833cc573fdd7bd9550a38c4ffc745f9eec4fcca14924b0df8193b37b25cf1ac1ab6fa74f0e150f77c583320a113596edb3a9d0b43083eb912d1e108b31a728a4db1f08e724f8fe8fa64b848fcde977e91423365e23735e802ab4b8cd5eab593aeae503f384502222e9efece16cf2ce60d0ed3e5e01ef4c96c09a6cf0e92f36373b8f57ef7c9975afadcba56133a5e436963c09bb8a4bfe8e5816112167c8ff70cb60299e7e778b1c49cc50a19840013163d0fb7498f9848e3c14ea99691a19d8b9fd0af1cf9723fcb58ce7f5", 0xcf}, {&(0x7f0000000540)="663edbd8cefcde29a7c5371c0fae5252fdba0d348ecb77c2ea66c014dc16ccf9e4dcdc1d5f4c51f58be0db4878033884b8e6a30f36fbee2b28078279b3fcc9cb089d4f536034a7b0f1412152669dd28497115fbeaf0ee5acb1f0fb71d3ed48b88f1d0126e47ea7babb5588f5eaba2e3d809468727bd9c165caac102bb4f4b0637b3a1e239070df8e2db613602e4e43f32573b7d8c33fbb2bf56dec5362f267a739074f71a56d8c3465b62e9a5fe3530c31fc264fe49321e43553e06986976980d4aebf985aaca505565acd078f380175741a005348c1a0be855c454442e871f4a1476c4712093ac747805727604828e50cb872c09e05702a189c9e3603e8", 0xfe}, {&(0x7f0000000640)="a8348b4523ebe318fc2a6526117a6bb78fb9009435bf12243a09da387652ef17219d77c041e034af00c562ee27cb84861103cb0181d38918bcb0ca541cf82b36fbc8fccaf4e2a2fff4d07b81299325d8420787afdc0cef56b330a10727a823bdd9e1862143f89206a844a61f7c3cbf6fe8ac1b86302ae87d19bdb0caa3417c4e714f40cada417d25910d36fa555c73e6b8009221672e75dfd142625ca3aee1df74405922e8ef9b", 0xa7}, {&(0x7f0000000040)="6779320c2953a8ae9f7fba7c03fae9e939ab957941c0dacddb7f687eb3125463", 0x20}, {&(0x7f0000000100)="c00e5bf4b7a6bc53ab35aba2de5dd479b0eb8a98515f76bb2020e8391413a3ee41abde874b5fcc622c5db1366c", 0x2d}, {&(0x7f0000000700)="1788b6faf6d1c28e5207eab3088f1f331e015437002308df989a90e3a18b98ccf6b002f399748bdf344d6a3a4b2b410075c2bb784a3cf637ccfc7d7b5066fa2e29fce7560d7763fb0562c62da74a346e36d0e53305bacc6218df578bdcc513aa27f964b31bd5838e06b4b58ed040505a79a5decb0e70529906e3f8c6bd20bcec76209b4c060b68d726b5c8596136b40327fa63f280863bb9056a84a80ac133c4216510360b60c7c8171fb70023a9002f2746f33e33ef670794a08ba8f9f455c2ea9b4754cf931d2675375882ded3f4dad2fad5284d48b541cd4960227f18614c903c487a1747179ce2d8ebbf020cac186dd55e4171159e32e6158ed48d76060b957bb22ef8f0cc58979214e0d0cc1be7604884dd49db64e372885acb1c8f2789b3f3b014cf5bd0aee4eff45dea31c399416bca0247e1362c9eb9aab07f8e13b3f5170a27c05c4630ff137cd4a3b1af231435b55a16ac7dd4251efe6563aa32fe88de7819bf4bddb74530db81f002d78d15df891db4b00a42a02aeebf6909b6a24a91c67c42ceb132cdb5e4bd28ac488771fc329e18088d3b613f727924b653ac2f5ef62cef4b7a1e5b045f54238beac6e9f9a817bdbb3dd3b86ed3e8a22bd1a853e51fd5c45533609a9a49cf4e197192815984f36f55c4470ff3511533a8773657206b24681722f6bef3db6d597a6dbdbf77f4490d38ae4611c2a92e215faf5bfa4c4a9f9b93fd8ecd939eae3c07a81234e82461cd78ab485b917bfd197c629528202351b8c943e39785ddbe37b7bde7970ee767bb8cae7be49091d2babfab7485cb031c61be9d574d86f3bec4227c555ed39e55868cbf728eb04ae90d3605c6abcb2fac2bd83ad0db0fd207f583dd51ffdd15793cc82b7652d6137c0c88cecd3e18d322923f8f3e900b653aeaab092b65050911b838067e2e4b31352423da7184595240167b03939d276d19c45925897c1492fce6bbad92fdb28f3b1a373612c04dadc4ec414944886efda328f2854b4e31b02d4517ef3943926106f00a06e7b31ca68bffd72debfdd84db24be8ac9e30ba13ecaba4d02861429be62e8c3e8e22d0ae00aad401c666c9c2cdd8228ed7a1ee8a7e8f029b922f583b98a392c993ae7b3df4f4eb9f2080b41459d00e573490fe4870996d0a112df7a85cd698034e24e089ffafd3289153cf4f94df66d71849e40d753100f0846cdb5b8035ca2d12d11102974553e55605a2901bb6291e650e30a8798890bcad5836daee971c0c9045aff2e5d40d7710664633feaed0221038091b1a04c96c2df83abce4c9fe5eff436f2cca6efe690592ab20d4e6d346efa73ab369ec945028b19c8dd0c3f757ae67f52d5248c372f3c3d833803df1c44cf1496a6174f784ea6e772d66acde94cfdc15aef3fcf749bcef27508ab2399278e3e5bbbe938c138e2a6f5171699f94dbfd27e6023725c32c2dc097bf7119532788cbe76cbbe7a7ba3539b164f8a9cbe2bcc1c34fd3c262352d79288ab214244bed336fad4ab833ae14d1ca47024744ae55fb23b187bc64c904086401d64456c3c5182996385e193a53fdfe71f38fc1d2649383a8082e8fbd170a8a9788dedd62fbf573d00ff09b41e8819faa9718be478631816143cc73543236f412a65404a39f2c17ad7183885ba1f719eebd5944a7dc3c257dd8a220b9b4ebf980074554bdd3e2c5b2572d71f7b6dd952e0bec99f2bad7e6df4226652b3884a48253a048578b7d6f691a733ac4c9d75540080cbf0364c46cfda1033615f5d4b11811b60af9d4e627672b02767808215c74ad8dab17d13526d23a961fb1b6988916ca8e2811ef8f23cdbde5b8c0debdfbb1f6a82b1375358fd4ad042b302833dcd9577ef419146def0867c2fca5c78e7f1995b8fbd76793be6e8577a331866184162fafe6756968e7ce5658e4c60ba0ee938d14d279937318d36a3925800316cad694826663c0ef1112aba4c0be1653a32d2952728bde38e967bcae111cf5fcda70b9ef4d4e45cfa11bce4edda04bda92caabaaa22884282bc7819a15dc2af18cf95495718d8be9b1567dc8268d940f6c2f4b345825cfd5790a053c84779a47f84c572a52a82262506e6ffed4be6113733c9e60318d077d6343779284a00bfdd504102a1df80c7fdf71c60d312e4fb1b87a166fb54d6901b195659508082429f54348f47c5252859f12668abfd14e44684c0d223d90071de16b9130d97b99123d39a3bbf41d5de09603cc32ee9aa7559989b8eb4ed12fc260eb00b07feccd181832522831debd235152fa9806cea1d8d2eeb5c48ae39c506a1ff419851186a35f60ace13c5b447bdfd4bb12f45bb9b57bc37f5f642324843fe5d50dd9ed373ede55414e9d5fbe4de53420ef5c25eec043ddb7fd9da34a698029d73317e2a9b0dc690e026e6841aebe64259bd468da286280881668d6210e92ba850c853e981ea7f50e2897531b42a588fba17d6df83af190651571d8d9a4c3943ae35206f455261a90a303d0ba1f2bd5c7ffed259825eb935d55d1f93531fcb714e7c6e61a4932bfc06a2d88302eb408c3d78dbee6ba57012fe2e737293864e139cbb5f855f2c6bced567ac80e7786fcdfcbf5a253ef53454662be58e1cadd37070247e46e586dab40c2e523b856298cee7628880d298cc6c0fd400214e3f58ce91a49bc662aee9d7cded67a73bf1d2805acda63ce82545608d8f4b190d44f8dd9e7421c8e968ed24174797990138da6a8d2b3a17cb758730d3c2505f37dbc6aabc421e38672d6738c9e72070c3237d782bcf9238297446a7ee17c01dc5a82299e4b1bd87fa4fff603ef7929c533213d5f46cb9c923b4cd14780b3758c05aa62360dbe7369d3aaaa7fb364b7a87bbf92e218849ee18620d1c433cb88f9e6e6ac70dcdc1816241e4029cfe35de3e7887a803b745bf586787df4198ffc5ea939b944474e2706de06ae2b828a0a9a7aa7d4e00d8a170bc82f651c1ee3824672bbfd8e636c009f28f46370635bcbd8c03ca3443931979627d3841bf5104e2469eb8f21f77f4db1036cd5bb3d509287b4f55c16a9eb9800cf77fcc0ba6fde97552bae58de2874760cbcf811fcf5529127d71cbfc881e972272047bd9046a83bf0ff8d5627bf80b994eaaa9b3f1be22845cfb603b192c2bc59608b3717820f5777522bf007ce80c6e2f8f14bba3cc07dbc2e3d3b92a6d48dfa687e5667129dad0519f74b383403da70908d1fe5df72c27139ca529333ac33adb062a81d56af2028a597c6fafa2d4fbef02ed4339b0c36b74a0c474545b64179a5a75691a6056c76a20e87067a0c7a9d7c87a58b6cab3e0432355bc2b44761f76e6bc49d5b63af5e0fe2b733147e6d31e2bf0820ef9ea1714782fd7c8904268bbb51b9425d90fcd478508a0b1f4ce1c8e794ee487e407cd871ae66afb6650709049cb7a3747acaec952f28cca1418ac78c64523b827d551e510a794d817b63c951025bd054d71c6e5fde1f07acf042dfd26009a3b3feff657ced037fb0ccaa465baaa8db4130c61dd1b9d14d6ef9ecabf7dd690e92f6ce749f57d8ca6b9d021b3800c9406ccd94cd4907247dae346b1cccaaf3cfe0a3b13aabc1caffdab0ba32e39eca45ead2f07fdce48e7377b91f0a203d011b2462e157002753bf1d7cc593286e1050357766b8e0e857621dc45b4070a896d0ba6b388eb4015453a20c48c66fc3075900f8b0e86669421a361e1a0ca2ee1f295503df6ff1f1fa3cd1f6048d03a7f3d4a9e884881eb85fd994a02945cbe5219c9f4077854ff98cff6615d35a45dbad7e44dceab592b6f6b5d7bc430db8301e41ad0ef472c0753db2e4ad0ab92ca98336bdc8f0101ce06ee54e21a4572dc266b69b2d985812a418509e42171563ed551af1d768ebf49ee482cc62d0171b17e7f86dc9e4bc79e762bce56fc963a7b897d8ec294bf922f736013ee1a9be134afcbf92fdf46ce909cfa666215c8b638a3a39781c93b0c802e989809345a4dd7fdde6281317bf36e096213533137f955855832a7bd93383f02e2140e45ebd8474294c10b23395f61b7bfe37abbfc3bfc610a86e68705186ff3a88567d7cd9538ea9e7cbc36ae9b3b8fc75c669cbcb6e4b0b75d8752c8406b7ebf56920b4f5bcd7db8ee1dfa0ce9466fda590d619ceec2276c7a10bb61993d7ff060ce0b24fe1eb67192983e11ceaee78abfc39b4b2797dce79a55c6d035578a8513051deec7935c972d45e3a38921a5cf7ea74ac60a9e604c346980211a99daf379c7f0affaa5236d45a6dafd99a5b4d9be7d46bd4b4d2ba5c7238b67aeba2b303fe703655c8f9f31a5641489d049c45b87ca2abfbc16e1a5196af6c534b08107c96a9002feb6d2ded377881109ecb8199562adaa14f865b1f16ee30e879072d041b22de0b5dff66e779f9ef788b5bbb9abe42ff97be4eb4951aa57f7d9c1b992a32a2c88c6eb296f14c1fa21c1350ff143911b060771ed493b9bb4246ce422b732fe573ec096f662fd8b9cd2cab597709722fb4dd64cc271006489880b7ecc81b6aeb16897782f33133da996b1ae82aa11254a72113e8446812da6c47852d08aeca174557a099a6237d84cb5ef550b47a4835dfe2946c09725b58e759f0f2f3f19814b97845cb83a303be1d510a359c164c70d950db57d17bb14423428f901125572be22305d314676b67ab77ef285497b0082a63ff4b2fb0e34651647d738293d921fad8bd2725b57f2f087ff76359afbeaebe641d40871ec59f6375af824e4efb2642f5b8367fc9e8fbaaaad0dbc41274e58685c3f5d85210c5f31270c25df97b670113e1bb0d46930e1169876cc1004b8f2d2c16a8eb0f0ddfd06b1efcda7fa87eb68ee05504fca6d17b7827646461a6426509445ef391abb2ed511cda7bb7edd1ec38518d1938c23add8e9c32eb00c629afd650872b6199a42c1f6a5471801f8f2dfab0bccf102c7cc31fff82a2ce1895e2b3a2ac0e7e99a909d215e1451e9afc2a9cb96ffbea52fb277cbfed9784c8b1e3a59bbb9325afbad8b128093ca9f6ffbfba3b4271fbfe92610d30083c0d5e0bdd5ba1d34db9c4d86b00ef987a84e98ff5a498c8be030f1e7ee47eda6a6d078681a4bfc1ea6c4d8140b11da79af62fc9ad68b75315e28c7479fdd1fd1d352267fbf6c87293f2029f76964c84dfc282aa3b4f7eb60f2f945862f7afb57ada9c2663c282fb0ca4f500625d7197e857a94cbe1899449623878ef06e36a09630aa822005143c741bebd7baf58054697f84854ec309ab456d8a9b2b79add7753afaed68aa87052333dd42b879a9365d1ea28fb51d88e77877813cc03f706a69aa91cff0a519855089cc6fc391612bf6d1b48c82ec2308dce73866d5b52c8cebb74d4fda8e68e1800233eb7cdf688708016fdf3b5a288eedc6ff4825f29952ab4efd9e21d2a37faa83d56ad9e63a38b60625a3627ef447f7ca3e90366150a412c2b9c8718911a23b1a5cf6776fd772cc0281c1fec76f4265ee2a6bd24ae7b9bde766081988c088cec627afb7098ee2227561048b01c9dcd9fe59ad1665bea01b8fcaad0d3a9bae67f375e6bddf6a324853fb96ff20eaa8b18bd3fd805ac0cb47a60568b1db5921635bc2eb04a0f184ee9156ec78d83c93055d1796828bd04467dd640a0a11b8e1fe56327dae9b3b0ad1f0a2fb014a65944cb742efac3fe66b36a8adcfbbccc573f7865751a7df3c4ae91129485dd1fb1d82f75b48e8eaf6c58c9d141a95c64a169a879926b7f290a744d9893a882b1c8219433c107a19125487cf2a1eb58ce154f0866b2b", 0x1000}, {&(0x7f0000001700)="0ad3cade2b98d18f7290d7009889d969dd07cf9c0857042b03c6907347624b4295c2adbee4642bf90c8d8e158472365c6ef694b464669a83026714a9031dfb542363b4e725c354", 0x47}, {&(0x7f0000001780)="cd5888bde711caf080803e602cd517969ed6c5ae06fe3825051fbf51a60259b27611f4ca3cbad59f50da7d3abee1d414ff0c14af9d015bc17670b3d1682f6e03f0d03ce8d69d0fba11f952e3404acf8508fd8d2ccf0faf06e988a05989c8c81092af94755d51b5e46d1705be8445723842b8a44d1ed7cec2e0f46ce855105b967f1448", 0x83}], 0x9, &(0x7f0000002680)=[@rights={0x38, 0x1, 0x1, [r2, r3, r4, r5, r6, r7, r8, r9, r10, r11]}, @cred={0x20, 0x1, 0x2, r0, r12, r13}, @cred={0x20, 0x1, 0x2, r0, r14, r15}, @rights={0x30, 0x1, 0x1, [r16, r17, r18, r19, r20, r21, r22]}, @cred={0x20, 0x1, 0x2, r0, r23, r24}, @cred={0x20, 0x1, 0x2, r0, r25, r26}, @rights={0x18, 0x1, 0x1, [r27]}, @cred={0x20, 0x1, 0x2, r0, r28, r29}, @rights={0x28, 0x1, 0x1, [r30, r31, r32, r33, r34]}], 0x148, 0xc005}, {&(0x7f0000002800)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000002b40)=[{&(0x7f0000002880)="66f0fbb08ab95ffe9e5aee778664205d9d3167d6c1937a1cac103784e3f28c12f7f6f04339539e181e3097e27dbb523600c8bc7e96461cf5ba7c25810b8f7c44089b3775cfb73a383e28b22c1bc53246aab37c77ce02bf23558e1e13be65e818cb24f4a688f0b0ca62c4021f74fef0d94a851cc2f81355dfe557b68e4ffbbca1e8d64d408061eb7f862cbeacd3146fb6aa0075e4a6040edac9a846443894e27711698f276ad1ded01c90dbfc83275b256aee6d1c177b01bff7bd4b98320c24aea2", 0xc1}, {&(0x7f0000002980)="e900e79b413a29b31aaeb2d424e73114a2550f5434abf7df70fa62498570c10a574bf70fef4295bea0be4b9b4c0fc7b4cc6e82a89f829f889b9697057b3774c6fd047475cba781fdc16aad28c3185bdbd44e236aa6c13fb155345cc02a6c0a3e2e66c12a3d5da23348b9e37151899d7fc75f02d9a5544d9eb9c84017c650ee78ca6739c86beac25a1c90b8f9e5ecb42eaa627d9a7600497c7da7b00cce8418c92ec0c3cafb2bb5b681dce1d001255f51fba4810933f731c1d83831ac", 0xbc}, {&(0x7f0000002a40)="e84c8af3149ff6fcd21bd5742f68943ea8acc3e9c63240e631d621584ebd6d7640715a617c310b518649920b92a0d61d52cb0f35f8c140250b5b140f9802b9d814e992bfaaeeadec367b8f4bfab520bb6fc809f0bc9baae5bf9996", 0x5b}, {&(0x7f0000002ac0)="d462959c38a8ffdaf4c8763c945eaeb5defbddd5357c17bfadf52584eb3402d8aca0c9491685b1592fd5a896248fe487391435759938c58009f9e80a4d4d1ee5206146d140d16cf4215fb8", 0x4b}], 0x4, 0x0, 0x0, 0x4000}, {&(0x7f0000002b80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002c80)=[{&(0x7f0000002c00)="526f6f73c91f9e6a310f2415de386ca96c82f8d40e95560bbb0bc251c3518c33ed97511fe9e19c3ee80a611bf46577d0e19e044d3e365bda5ca8dc70db33af98a90eeed8c6", 0x45}], 0x1, &(0x7f0000002d40)=[@rights={0x18, 0x1, 0x1, [r35, r36]}], 0x18, 0x4000}], 0x3, 0x0) getpid() fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000200)='trusted.overlay.opaque\x00', &(0x7f0000000240)='y\x00', 0x2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000400)={@local, @link_local={0x3a, 0x80, 0xc2, 0xe80}, [], {@ipv4={0x8864, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x21, 0x0, 0x0, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x8, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, &(0x7f00000000c0)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c04, 0xffffffffffffffff) 05:59:04 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa02, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4004ae8b, 0x0) 05:59:04 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xfffffdfd, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:04 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x5450, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:04 executing program 1: syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000180)="3e66aa0f0666b9800000c00f326635008000000f30bad104b80100ef670f08660f30b801008ed8f20f597f00660ff6fe0f0133", 0x33}], 0x0, 0x100008, &(0x7f0000000240)=[@flags], 0x1) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000003c0)={0x6, 0x0, {0xffffffffffffffff, 0x1, 0x0, 0x2, 0xfffffffffffffffd}}) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000280)={{0x5, 0x8, 0xffffffffffff7fff, 0x8001, 0x7, 0x5}, 0xd4f, 0xd, 0x2, 0x3, 0x4, "9ecafb68a2bb47c4aef6c4bf2a425adfa2b26df9d833a365038c0f30cad915281ea4a76f16d93b153131efccb7810272838c56cae8ffaf044e4ccd9531df9f03f2aba6ab76753a6752430cff272fd10eb5629fda19bd1c0d6ed84fbb8ca91d9075c356c2d572fd44aede804cb77e23f206cdd48f1dde5d579a7ba93272fc4021"}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect(r1, &(0x7f0000000040)=@un=@abs, 0x80) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f00000000c0)=@routing={0x0, 0x2, 0x0, 0x8, 0x0, [@dev={0xfe, 0x80, [], 0x1f}]}, 0x18) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x7, @dev, 0x4}, 0x1c) ioctl$sock_SIOCGIFCONF(r1, 0x8910, &(0x7f0000000000)) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x80000) bind$rds(r3, &(0x7f0000000340)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x800}, 0x1c) sendmmsg(r2, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) syz_emit_ethernet(0xfed1, &(0x7f000000a000)={@broadcast=[0xff, 0xe0], @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0xfec3, 0x0, 0x0, 0x0, 0x29, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) 05:59:04 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa06, {0x0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 541.560152] *** Guest State *** [ 541.563541] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 541.590289] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 541.599192] CR3 = 0x0000000000000000 [ 541.599217] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 541.609917] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 541.630184] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 541.636892] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:04 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000240)={0xa, 0xffffffffffffffff, 0xa, @local, 0x7}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000140)={&(0x7f00003c7ff4), 0xc, &(0x7f00000bfff0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0x11f}}, 0x0) recvfrom$inet(r0, &(0x7f0000000280)=""/255, 0xff, 0x2000, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x3a, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x1fffffe}, 0x90) [ 541.668606] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 541.683425] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 541.708094] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:04 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xfeffffff00000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 541.725108] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 541.755112] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 541.770267] GDTR: limit=0x000007ff, base=0x0000000000001000 05:59:04 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") r1 = socket$can_raw(0x1d, 0x3, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x400000, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x3, 0x0) ioctl$RTC_PLL_GET(r2, 0x80207011, &(0x7f00000000c0)) getsockopt$bt_hci(r1, 0x65, 0x3, &(0x7f0000cbc000)=""/244, &(0x7f0000000000)=0xf4) [ 541.796297] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 541.815713] IDTR: limit=0x00000000, base=0x0000000000000000 [ 541.825339] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:04 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8008, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 541.843493] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 541.858925] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 541.866713] Interruptibility = 00000000 ActivityState = 00000000 [ 541.880591] *** Host State *** 05:59:04 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x129100, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000040)={0x2, {{0xa, 0x4e24, 0xfffffffffffffffd, @loopback, 0x81}}, 0x1, 0x1, [{{0xa, 0x4e24, 0x401, @dev={0xfe, 0x80, [], 0x20}, 0x100}}]}, 0x110) setsockopt$inet6_tcp_buf(r0, 0x6, 0x3f, &(0x7f0000000180)="51dd81064f219b4e75c20893f51250fcbac48b9c6dc878c77704a2ce78eaca86b10da677c84fa6f6d87b11a962f903d36a52d739516f9cd040dff309dd8e63121c8d197aeedb7bb8501fe9440b0f5bc1f44191456e7163fd6458a2f7fa7058974101773086e35c85985eda5a892bc2710d7c7a8a5aeb351caa539d320e655b7299144fbc8b729bc84956d677644faded70a7281dcd6e2dd55cef8bf56df77506d8ed8b9335088a127377611150c13e97952f726724356364018a", 0xba) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000280)={@mcast1, 0x20, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000002c0)={0x0, 0x80000, r0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000300)={r2, 0x80000, r0}) pkey_alloc(0x0, 0x1) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in={{0x2, 0x4e24, @multicast1}}, 0x400, 0x7, 0x1, "3973767c82abc97994b1f8c7fa576314d02183c7427a53db52990d20ef429da2188bcaabdd442ba83f6d561ff006c07ac870343cc192c68b2eec57033703236b932d83d9d5263dc0bb7f0784fbade0c7"}, 0xd8) r4 = socket$inet_smc(0x2b, 0x1, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000480)={0x100, 0x12f, 0x1800000, 0x9, 0x7}, 0x14) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f00000004c0)={{0xfffffffffffffff7, 0x8000}, {0x5, 0x3ff}, 0x1, 0x2, 0x5}) r5 = perf_event_open(&(0x7f0000000580)={0x4, 0x70, 0x747a, 0x6, 0x1, 0x100, 0x0, 0x0, 0x40008, 0x2, 0x6, 0x8000, 0x7, 0x0, 0x8, 0x80000000, 0x8001, 0x3, 0x1, 0x2, 0x8, 0x7, 0x7, 0x8, 0x2, 0x4, 0xb03, 0x4, 0x7, 0x8, 0x80000000, 0x1, 0x1, 0x2, 0x40000, 0xfffffffffffffffa, 0x5, 0x1, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000540), 0x4}, 0xd04, 0xe8, 0xa135, 0xd, 0x7, 0x9, 0x3f}, 0x0, 0x6, r0, 0x8) openat$urandom(0xffffffffffffff9c, &(0x7f0000000600)='/dev/urandom\x00', 0x44101, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000640)) syz_kvm_setup_cpu$x86(r0, r5, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000006c0)=[@text32={0x20, &(0x7f0000000680)="0f320fc72d0400000066baa00066ed660f38db34ef0f43ce0f01cff2afb8010000000f01c10f01cbdee9", 0x2a}], 0x1, 0x28, &(0x7f0000000700)=[@cr4={0x1, 0x70100}], 0x1) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000740)='trusted.overlay.nlink\x00', &(0x7f0000000780)={'L+', 0x8}, 0x28, 0x3) utimensat(r0, &(0x7f00000007c0)='./file0\x00', &(0x7f0000000800)={{0x77359400}, {0x77359400}}, 0x100) connect$vsock_dgram(r0, &(0x7f0000000840)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r6 = getgid() getgroups(0x2, &(0x7f0000000880)=[0x0, 0x0]) getgroups(0x2, &(0x7f00000008c0)=[0xee00, 0xee01]) setresgid(r6, r7, r8) socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000900)) sched_yield() fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000940)='trusted.overlay.upper\x00', &(0x7f0000000980)={0x0, 0xfb, 0x10d, 0x4, 0x8a, "e42757235eb663ba815ec873a8aef6f4", "161a33c1d30eca0d1fbe520099a05162f98e0c7e90d1fc56a6d7af07b509942bc2aeae95e328bb54c5dafb3b69c76bb9eec3faf875f9138eab4f6ecfed61d0fce2e603ae6db8cc37796c8186802cec8d9d95845678e57796bfd49b5bb51d10ea8aa71ccb5cc2eacb05954de77099053e1dc1482876b1b09cf77e565e4d89c90cd7981420b90e29e6b60e65db7ee09f03752f13d6d70b5b8b582e4fc9b71f1639f65a760ca8a6adfbbb4180c3e0f5c7d613087dc29294fa784dd0f27b143f87a836d18c560707d4082fdee17f7937841a7f0abc7a154ae34e79642b4d3d526c2541f6154c5f6d9ea5a3520b9408c33a6247a733936cdcd441"}, 0x10d, 0x2) pkey_alloc(0x0, 0x3) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000ac0)={0x0, @in={{0x2, 0xab, @dev={0xac, 0x14, 0x14, 0x1f}}}, [0x78, 0x81, 0x80000000, 0x7, 0x7fff, 0x5e83, 0x7f, 0x6, 0x80, 0xffff, 0x1, 0xe0000000000, 0x7, 0x1, 0x7]}, &(0x7f0000000bc0)=0x100) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000c00)={r9, 0x8}, 0xc) [ 541.896572] RIP = 0xffffffff8120427e RSP = 0xffff88017f957390 [ 541.921798] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 541.938813] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 541.947459] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 541.953762] CR0=0000000080050033 CR3=00000001c24e0000 CR4=00000000001426f0 [ 541.963680] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 541.982040] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 541.991579] *** Control State *** 05:59:04 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 541.995251] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 542.002236] EntryControls=0000d1ff ExitControls=002fefff [ 542.007942] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 542.026153] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 05:59:04 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="020f0000080000000000000000000000030006000000007ec007000000000000030005000000000002000000e00000010000000000000000"], 0x40}}, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x101000) ioctl$DRM_IOCTL_INFO_BUFS(r1, 0xc0106418, &(0x7f0000000040)={0x1c, 0x7, 0x9, 0x9, 0x0, 0xdd53}) fcntl$setlease(r0, 0x400, 0x0) [ 542.044247] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 542.060045] reason=80000021 qualification=0000000000000000 [ 542.085856] IDTVectoring: info=00000000 errcode=00000000 05:59:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) [ 542.101741] TSC Offset = 0xfffffedbb5f83ee2 [ 542.109145] EPT pointer = 0x00000001c9fe701e [ 542.225231] *** Guest State *** [ 542.228706] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 542.238286] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 542.247489] CR3 = 0x0000000000000000 [ 542.251314] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 542.257304] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 542.263368] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 542.270256] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.278231] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.278271] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 542.278288] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.278307] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.294523] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.319592] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 542.328280] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 542.336338] IDTR: limit=0x00000000, base=0x0000000000000000 [ 542.344364] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 542.352392] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 542.358798] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 542.366278] Interruptibility = 00000000 ActivityState = 00000000 [ 542.372545] *** Host State *** [ 542.375738] RIP = 0xffffffff8120427e RSP = 0xffff8801b807f390 [ 542.381768] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 542.388177] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 542.396021] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 542.402016] CR0=0000000080050033 CR3=00000001c2b37000 CR4=00000000001426e0 [ 542.409036] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 542.415974] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 542.422110] *** Control State *** 05:59:05 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x3f00000000000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 542.426071] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 542.432843] EntryControls=0000d1ff ExitControls=002fefff [ 542.438297] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 542.446037] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 542.453152] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 542.459911] reason=80000021 qualification=0000000000000000 [ 542.466229] IDTVectoring: info=00000000 errcode=00000000 [ 542.471764] TSC Offset = 0xfffffedb53ce977e [ 542.476182] EPT pointer = 0x00000001d823201e 05:59:07 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x40505331, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:07 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x3f00000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:07 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f00000004c0)=ANY=[], &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) mount(&(0x7f0000000640)=ANY=[], &(0x7f0000000500)='./file0\x00', &(0x7f00000005c0)='bdev\x00', 0x100000, &(0x7f0000000600)="ee3cc3a324865e07cf89cec098d2af0b817b1b4317b8bd8c367acd1efb03a1ecc26c4132059449c1368365f42baa151b18bb") mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f00000001c0)='nilfs2\x00', 0x3081, &(0x7f0000000100)) mount(&(0x7f0000000380)=@md0='/dev/md0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='devpts\x00', 0x80000, &(0x7f0000000480)='posix_acl_accessuser\x00') mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000000300)='mslos\x00', 0x5010, &(0x7f00000002c0)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x0, &(0x7f0000000580)) socket(0x0, 0x0, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x400, 0x100) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000280)={0x5, 0x100000000, 0x108, 0x7, 0x7ff, 0x200, 0x6, 0xb01, 0x9, 0x2}) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000100), &(0x7f0000000200)=0x4) 05:59:07 executing program 2: bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000000)={0x10, 0xf}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)={0x48, 0x14, 0x7, 0x0, 0x0, {0xa, 0xf0ffff, 0x600}, [@generic="667e279639a91d7b7f0000017daf4204a00b32eadc2828417f000001e3d8960f65b27ee8125f42360500000015739d53d5"]}, 0x48}}, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0xd4e, 0x84000) nanosleep(&(0x7f0000000280), &(0x7f00000002c0)) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000000000000ff000000040000000000000000000000000000000600000007000000000000000000000000000000000000000000000009000000040000000000000000000000ff7f0000000100000000000000000000000000000000000000000000000000000400000004000000000000000000000004000000280e00000000000000000000000000000000000000000000000000000400000005000000000000000000000000000000010000000000000000000000000000000000000000000000000000009a00000002000000000000000000000003000000400500000000000000000000000000000000000000000000000000007f6d39d32e6f8e4569d1e3bdac2b8d50087ebe9485e18c47741e0a55fee287e73e66483f6ab6"]) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={0x0, 0x2}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000200)={r2, 0x3, 0x30}, &(0x7f0000000240)=0xc) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x32010}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000426bd7000fddbdf250b0000000800040008000000580001000c000700020000001c0000000800090013000000080009005d000000080002007f000000080006006c63000014000300ff0100000000a7bab0ec0000000000011400030000000008000000000000000000000000"], 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 05:59:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4048ae9b, 0x0) 05:59:07 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x40000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:07 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000240)={'team0\x00', 0x6}) sendmsg$nl_generic(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x182c, 0x26, 0x600, 0x70bd26, 0x25dfdbfc, {0x12}, [@typed={0x8, 0x38, @ipv4=@rand_addr=0x1}, @nested={0x428, 0x68, [@generic="14444774eb8fd4334a68f911cb8dfa4ed3a77b84e5c86d707291583dab6ff720a4f19f4d62a39f1a0a0a0b3266522c8920a869e61be0553089df0f66c013d0c5801f9c35f89152aca90cdedc4f51bdcfc4b3206cf2b1fdbf8bc02c89267fd0991f85c6dbfdc4c7fd935fb635556d401005", @generic="612bf8d5406665cf52cc56c1a8482f9af931718294cd161d31354b1891a64dd0ebe5b9138466c60ab0593d683c1ba73b6c0a7a1d7ab26029ba6ec5024553723ba2d32a8008a74849001e0f4072c6b3490990746a1e990a6cb49133b98b7e470d261e4fa0c69c07c1de126428c107d4db7f77d8f06a9463c6058b8e3afe907f1358ae224cbe9b41e9ebf572269463ca774c2ab37b503e6ca528", @generic="f9025ed4b0f4b0e689f027", @typed={0x50, 0x4f, @binary="afd3a9300bec316142b15da0112a727cd232e483dbeec8de92df7c919e66fe6bfd6d9da4a7e96464a39ab704e667dca0ae64a432f663a5baf828496e1fef1b05a5c63c6da14c790dc5c8"}, @typed={0x14, 0x7a, @ipv6=@local}, @generic="49e608c14b3fb00950d7388d6b49db389c90d9f4e9b70dc83d1d8e4b6ba66a9560964c2ef3094d505a8892db4ff798d35b84933d60e97413f81c88122cb472824e62b982603e2f1002f6c835ce3229a4732ee0ac7f845fee3d9151c063", @generic="33fa03aa3b31663bd24c622fb7fb4d9fa4b2733c64b088cdb5c71b5a707d976d6032a22f902808de7113442d36289cd356f6bb7724a44d2606cf219f1733abac980e78d8f97f35f42eb0db5f111effd7868946e93781c95ff343113de29b77aa1ce9d96ddfd1e450e4133481b595c0ee0515012c8901663379e781ccf5a1519014aefb4b5b526b74e2ae0c2b072f33b446fcf1e9a4d5e4731639cec5", @generic="05e66c92bc07b5d75127f7370f73375d93e6698e72a86620063adab747f32b5cacfe1cb0762ae2495f74e7296c28baf72864254a6d9ae6ba4b10e548be657576696c7a0959195eae3b118c7b3f488121b39353e5a01bc26a28e5435c2d0420fe7f661c77104679b6d171d25f67dd952c9fb5c4a0517b2717204f56b3283a67548a07e1ce1b78d1bb02eb2f797b842bec5d70a586146a33fc335f79bb8d773647ac13c9bc6fc12e34c29125682b0ccbc5de65238dbfe61f9d8594f44de221ef3064ff48911bc5b7f8a24f5ed77404e72605e51a7958803780069da2ae766ba18a33159979cba4d62b", @generic="26ed711dade69c0db15a1f0b471c5b6b9f33e5ee9839f6a476e09aee84b81d4644baf73f3b9a62877ebd2e83870935aad325d852c93d0f7808f57013638da3df81a0ac58cef76402031752ca91ad03a7dd8d12e2b22071d3453988a08b80887d879538733b3e0a89355c8ccc6a9b6816ce4c4aafde6a999c1530e0cccbbb001ed0c877e0599b103f1060c75442f4ee001eca0d482b8c3501f3945ac87772a8e131021fd33aaf0e9b1e2e05ece5b31f7441a530f6ad3abf2928e7539a44ff2928af89c0a0dbbadaf475"]}, @nested={0x248, 0x4c, [@generic="d969cec8f14c5b70d2f72404dd6f8ed5177284f6cc4d85ae696ab948f29b55873888490a818916f119e1cfe49f0874e029d0119d6ff2fd32ead0693d211cca45f514e6abd955ff76cc36cbb051e5c51ec33d8eae61634d78fb2e8427566eea57833cf45d8e12d46c1c6a2c89bb9841cf5211a492f6d747dd7524ac7641fee8e2a6604e5e6abe3e735b10d3e5bc4596f81c62bce90e6d14a2ba5642668d217822aa9d453c12631d9192a0264184a742c5d4270ebd9600d20695b765c3f3d38d58b7c0b53a4310b3b6db176c468505708fb2806f8e7b15148758f1a09678963ca72a18f4388cb328f73f9ab38a2751aa408ea5ca44a9bdc22a", @generic="b4aabf2042d65104bcb5aaf18e44b34ac3624eff1cbd79bb49f0086caac6851f5e6b32f996b6e58efcc8874f71dde3e63d73def8c52dbe9db43e7dbc766ad56e471be6b487a9e540d2cca3b48f5753fc7609e6fb2f69", @generic="ca77da946a1919ed9f8249c567555854665a059dd6d2a3880f7c74d071fd9575950e18710ecbe1972a45cb5668cbdc496922f2f5a69b121d94efe484f057ba6e6ab1da9adffa44b8d4547f8c9d934356d8932531e9ff1139a5c8bbdaaa285a74c09a6d533c66c5ff944ee4523ddc1d7fd1fa8d75e61657121bc2cbf15bbad80805d4beb75db9a47f283826e263f7b9f82f07969c04df86d809b4d547305f748104f74e910d0ee7fe3906bc43dda4d5aa117578c248124ecd94045a3182e7b2cc10f89fdf8e627d580b8ddb35", @generic="1512677a148cf8873f32a5e10831", @typed={0x14, 0x38, @ipv6=@mcast2}, @typed={0x8, 0x3a, @fd=r0}]}, @generic="e7f7a18f7c1f2134f3ea1508723d1f1fd671dfd499384bc51826e7ac8b8f1ef75d2e586038eb4b25a1eb086e088f", @typed={0x8, 0x1f, @fd=r0}, @typed={0x8, 0x31, @fd=r0}, @nested={0x1160, 0x57, [@generic="98d60293c36a27a6d1abab969e997342c92c41a4ba260c205f6d2667a8901f3f169e86e987950689be68ef8098d51d3663e26f135619d7029a928d991004a57151a91942c643471ac7319e60c4be3143451fe1c86543a950f2474514f982d67fe4769c87e52288e131344f6ca57bcb906beb626caae47b0d7aaed542a1215d11f23822f5ddc4ae7af7fba9035e7c1d8db58e3f8a2b26efd2062c8f00d56e4d0c21260da04612a47b0999a9b068de62a75db99a4eae11adbf6cf4ce0aee083978e181dcd7dfe57859bbbd00826dd68e9d4e54823bcd85d0ae31ab", @typed={0x4, 0x6}, @typed={0x14, 0x89, @ipv6=@ipv4={[], [], @rand_addr=0x1}}, @typed={0x8, 0x44, @u32=0x7ff}, @typed={0x14, 0x5d, @ipv6=@dev={0xfe, 0x80, [], 0x2c1}}, @generic="19e75fda972280a7ffbfc3e3f303f635e41c60913cab141bf8a00614559f001ac6642c85013f2bd836490f7e9eacb02288f58995c90b1783f4a0de27140bea72b5434bcfd68876b95c8b74", @generic="81ebddb45c81a83fea5d215275c548f733e4ba89ce096d886b346638596224d2c0f1056c13b8ccca4027ca9b7b0c349b7bd13b855f80856f866e91c1c2f3b28c0599b4aab67d6b95a7129895a3b289f197e2b625223f4c3364acc427d4f5d1bbc1630e483abc5f944dedcf7ec407bc39160c0f490bac4e5d6a94a3489a5ca6b9eb202f0b5ff7e35959d1c1e8604206da0601b08dd5198610e6bdc911a1c08568f00dc308e4a3f0fc9c402004f868e94fe15c54fa0b28d7a831bbf3f24a8a22dee2f679714797c6e2472293082ecc730e981a9ae7c9b94c45c213c7f9d359f205209fb9ec5954006b8a673e8b26d58e78e0ea81becf216ccb9fdbed1c47afd2c0a1880c298614fc182d30df68acd400766a297bfdf473202f2972f227dc332d3777ccbad7c031ebdc9cc24d3d3bf4f4b26bd0f5aadd6462e60d076b12b5433dd3fc40906dc8a4a06638ecb13a12b43af8a1fe1b8b2a9bf3081d8c342176d4e7d95d3d5e82b58d2bae9f0f9040344ea4a7fe62846b5a2cf4828a2ab17ef9bb03653c74892dd7c13b8ee795bb921ba08936b9c18e7c18801df1fa9fe366636adcb08a6fdf123533d3215f94ce77d00eb55372de16fd80c624ccd37c25995db426ead14f33e297597c59e4ff41c4a07c3610680c4d3f7f8d5daef6f414f0ef80bc409d0c37c41834aebb8b56cfe964dc1b18d088f4e0bc33bc4da1795735385697145bfb200f5d2c8e0f99aa79ecaf08996b0bba6f6c031d377cc02cf0a34b9fd7f6ac4e45dc8e311f344a2212f93c31d32d523e30e75dc27117b4d30b5cbcd9a0a4d5f4c67e40a66f7a6a02a74939ca4e2746b284db3c9e2d1620947726cd62b8bbe37fb3780cd3dbde663edfaae6becb1bbe17c62c8b231696e20547eaa25920649803cf982427f734aa54c52c8b2d577f3778f9e8ae5c30c1fc78577d85ce2d8ecf6e6b45fa8416c50392358718ed5c749341940152816638ce23bba26da2c976b6812750b9e05a71b9a3fbeaa01aed3cf6e1983e8fe6b7e7ee8748db20473621309818ad3663e6b77fb7dd7532f55bc2414e9a0dde9f459578556871a9e9440c259491d883ad2f598dc17d509d22a57971b0f52b3734d5c0ca8c9cc477d1e77c62852cb703c9007f9f53351e70beae701147360f95da76e248121be6532f36f3cd0b2b893b5d2dfc7ef35f31314a52818f56b295a0ac720f55581eeff80c8af0b053db0af038b75a4700fd23facdd822e55f7ca7eb2c0205515866bbdd14f643e778ee865e76ffb358304382de970c8c358eaeacfc860d053b15677b6fc90054bfc7e5c28d4ec368aeaeb36a32c0c6ce8deaf996e0ee8c335238b3ac5b00c6b9b1f1c34a8f7d2f06475e64f0f11149c8d93bed817dad63e49c6a22f4a6a47f2ab17f0e6fffca749e7da919647caa7ef0e2bf15302d5354e156631d41df0fa5e6322060cf41b2c1a52a47cc387f5e3cb6ea3b91129ea77903d5b35adb04c30c77c8a5928d85b48eb9c00c503d41ade14f88afc4ab446178f773b344249f2cff4c7d490c4f434496023918fb80c26f47077cc1ebe8bdf7aace76d6289787c95fae7cb06510c22fbb0bb9cf44cef7927896ab1fbfdf2827b5778737a349c3d2c485712b3b0bd80b614d276452a2edb1424882175f4c49cf8eb486648cff5c7f3ce181fb0dee536c017807e35ea046bef1470643a32160bb65e4fd25d480cceb7ca94d4062056abcccf27231e29a6a271b84d1771e4e6ea514120c8e49064a1176e1cca8d311a875e20d396297ad22fd23b7a2ab68bdcc308c7117d4279f32a9394d5e4e040fb4441958748cea362e3c833827c722b350a8ea8fc9e6ea39da49d5f338118b4af2f91933a6d19dfbf6f100025960e322733d9b7d4108e7718577cf11e8a05cfa0e2b18f7af51297719faef409a1757eaef89d90e57a189a569067b6c9b0d9a6e95ec503890f426c6b92d42d15e72dc9d4597ef86985593bb9fde0eda1bd7d7c2a928a655cbbd5614087242d6cca83ad0e54feda95f434aa6d123a50f53ada09aa976cc0ca7e695bd4aaf00cb373391ad9bc67b57d026d257add1afa19ae24d935a1716ace4fa49cf4ea40e6108cae84e316cc11d4bd8edc0ae616b02fdc0fe7dc56d596d425011279d569dab707a55d098b67a1e23a0dd06762352e37f886df60b8f993a1fcb3e5a60f878c63857e5e5fd41786b9027384637f5f6342aea12b13180ae32ee2dd7db4b2412af2e259309f856deb59ec8c643a0761bb18268d0e3ede8dc18275b6d631b0367b2d0fdd08a4e630d6f5bcd920886bfe02260fbe6989db02e035624da0904a6bd66a72c1f39160ef026ebead02a8ac6a50a76f1ff6252d451af92e993d469812e978adf831c2321201a080fe1f54007bebf20d8f77e147b5127c25bc40d15182a21d13f955e92534542e3d07d1d87a95d7d7c9d4454dd56d2352614f4c9ea25675ac159c175bb0f8f9ee488430da113297f8c44d5c15a93bae9819e7bda71f0aaed195d0c474d5321dfd1ce4f6ea6da381ea77d69a83d992e8201824123c5676a582622a9cdb270739660f44c0b45dda2c5079b5c4fa1ca34eb9c73c2a36e527ac7ac483980574593bac0373321edc106de5702363c7edb6318173576e841c42dbe5cea259c147959f3ed4ffa9f0d5550c500d50c84cf67bb81fb4604c04509f808e982ae37418740f7e9405eb553da99f57833771232304297f789e5c61c8ac8fe6b5a13739fed5192b87a5a184b38931637e6da92483c19cf6b3286fbf0304758d677c2e607ed8aa8c84b002d149085c62e6bae2a4be28cd5360996374ac97bbcef583b89ebccdc6a8ab9d094a8f8008332981c6a9e61645b5b3b9c4b7fe4eaf627c714bb10483d1a2dcc444cfd1600fe9abaf8b5be1960c9c6668c9a1da7a56f52392b046fb8f0fea8d4d9eef57408043a74b504e5c81d5791a9c39ab0533eab90f0ea8ebc62e87fc389337104d9547788abc6feeeb0b2d60ad25ed1788b6d7658add2cff2f9f986b8f53cec0c93a7ac46c9e1302cadb379bf2ca95b98851b891ce5ba0ac647d34ca9338c3bb63b3d22f3fc34dfb8efb92e24c11ca9d96589c81b0b3d706811e5e060becd863c373c4a673b3d005b7b0679ed25de761bb3ea6313087128f555ab749cfd3a0dbad152a753bd10609735f1e1cda35405d4d1f72cf24da5c5393b0977c0063321fdf0d3f1adeebb8d5d3c7c6f531d8e3916d68f8a63b5b4408bbe7c6d6a3c30dc523da30ace1f452837616fff75f1d959652838d23d2f188a09045b4399448413447b24220c978d085a41ed16139d9dc3145ccfc95dfbe97113756602e0d5b665aedad3cbef65b14422764b6a1e3f63a561afc66ed494f213510f9083a45a4005abb0aa14f3c2560f68217bfb09fa19015476eccdcef09793a1a044146d0b37ef383a4b232479355bd5fa336fbf6bd6fa8d3002e96b2c7c8b244baa7a6558e20a6bdf43e1ca5147bb4bcc29fd16d6a60e4a69f698358cd8527ab56ff4c8e8c5ebcb6c78eb39208d4090b1d7a6baa0be7f16b3d93b2a01f551e7d82cdb222b58a7df6dc76f606a5fd8f57bd20000a6cc4fabc6ef3f4cc1625a7bafcf34e9ae36da72a9ecc7713d47fd7ca58ee79ff138210c99967a8291064c16c20a384a761fedeaeaee663dec59636d95d9924c307bcfddbf37137b482078d437ab78d0e33246bc14e001627a6688d278d0c13d7c20364a99d0fb920321c28c5f917836628b61bc62ad6129cc4ab12cb1d956ea31f45ead5120fd4d1fc6c5c8592024cfe2e90e765c7b274184f47d5cbff8d6bd31a6e74277e6db130e08f1bdbd79f6f9f3dcdbd4e2a78a94312b6a3cd721b54dc4295b95d8569c8e9d203ab54453e2f252c3b3a2f1163c6217bd04002e2e2e2071435d71e7f595d1f32b538863fe80da47db74bb54d5cc385ee1ad41a106519c3fd5310c6836e37b9ddac8e9db5b33becd2c0987e711567b89c2bdd68128bc5ac824518d5c0d00cfe2663d5227192ae5dafff3f25f41e93893f19e8208a3d7db9f7bf3bfe117e1b4e3b1929f760d9a997f5179bfb1b1e50236d57eb551a7ff965f1d481c4c9f43b717baf2474fe53bfe6e587374eda39e1bd82c5823fc5e06690fbcf189f434eb90425754b588f4729a6e4539d9d1742d94da272106b67033c26da6fd6b4526d8232bf508f2c2c2d8ab749754c11642d541c4532a68092798355d993e8a9b517c1f87447c7acc5bc60f8dcad50c40ec495ee4ac895b31405cdc0b5417298fbee52dfaaa5fa444429b3957607c98bc0a1a0f064e004dbbd3beecb04269a4bd3e40f9b4ea06f9eb1c6ca97f494011504a0034c359269413d9710965dc76727d8046e253dc3d734576f0a51fb4f0bd064846215c23f7ef29ced4caa45a15a6cc9a6beb2de5d976afe3c50233475a618751784b14bba70e72760e4066cffd40aef0fda76490502d848591adcc398ff209131081ff143697d536852d368f650d0a68262f2124431a2e34a97c88fda7dc785b72d7eaa6c4ea8f1b41a3163d22f810e5ef75b553fc59b22e4117f4b362124b46885389b3c880c384ff54cbabe1ed9111d5d96287e089f9815dfac1bf55a137fc7b496a39712e532346f804ec77272c3d3a6924aa75e27c550f3ec51aca74a4b600692177061f9c1b00cddf3fa3f37e971d2917f80cbdc7b2cdb2c88b164c4c48d372241f26dd1ba06931d3dadf1867ecd99d55fd0f6be7f5cbc4cd187f6789bae25ea058dc6ba1749661e97c25d7b39c193a4cb0ac5aeeaaa81ca61815697b99d3cacdda267a7d008004d86554c3976acc1526dca48269a535dc6c6f57e451046b87692267d25541df59d21dc7ec0009e3f3e73d675eb0ff1c602c2981c44ef4a0b921bfa74bbd051049f87cbd89f3590f55897d453af829b4c1f490fdd3a9f6e8254b33094d00b1c5a0353dcfaeb18efe9f0d7bfa1766fe826dad3f1fcf91302cae06baabdde800eb6db7b3494ad5238dbda0beeffa23c6beb53e3dc5489b5ad2149045b02b52b0177ce5c385109a7dd92b5f2a6ac9e174c675643401ba3654d9e27c416015e55fe82b4b0716b19dc9685bb7a19af339e2b0f7fba8e61f04b14abd4adf5940ab44d2d718e4420f266ee7dc08fffc21ae3dadeec26514e1e1cdab20884dfd672eac96595e10bdd3a7bc9287b4d3d41296e9a9ff4e1877a40e989f906f4c70b85cdbaf9bb9e3e2d46498e7bf63a796ac4846e6ff0ec2dbce35472b4016df2c912c85cac0ba41cf4e5fbae0ce9efa36562f8308439053dd44da6ca52310308bb8b106691a90f1d0abc4a79d4db69b618ed3915f91dac530d9c2c110fdb44313cf4eec2bb9fc124c2938b7604ed349d5d911917d746b5e8fc1a548fa776365a97e16646ad5f36136d52e8acf88688d9f635a94c80c3047d5d05623d063df28aa2e4de0c89220462292cc0c2e3b695dcb5a96435aaaeaa0a84eae1913d29429cfed167fdab5e373cf135d3f1a6e68bfc1d596ba8398f2e358e7c526d709540f1f993cae0a8d2d66589379fff6c218940bc41afb5e5fe4745c091c7b2fb7a7dab1efb3ff1b7cda2d30de91e735f48d7eb758ad279f7cb4384a6b8f47f688173f123721dfa7cf7b339a8e6a4e8178f0c2391a3bd4a171d9d0ab4be73284ada8c574b356af87e0a9e51774aea781cb00b5b3f55de7e2d68ae7d622b0302e07701d6eb6cfb3eb32afa2b230e3a5b5f73a1ba1c3cf6b4c58e27ed79a1ed871810e7a9593df21da75f028e7831bb59d83f5a99fa1a7ca255e65f034e0cb16b0"]}]}, 0x182c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000280)=0x9, 0x4) ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f0000000200)={'ip6gre0\x00', 0x8}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x34000}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x2c, 0x29, 0x1, 0x0, 0x0, {0x1}, [@nested={0x18, 0x0, [@typed={0xb, 0x0, @ipv6=@ipv4={[0x0, 0x0, 0x0, 0x17, 0xf0ffff], [], @remote}}]}]}, 0x2c}}, 0x0) 05:59:07 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x6000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 544.702442] *** Guest State *** [ 544.702469] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 05:59:07 executing program 1: r0 = socket$can_bcm(0x1d, 0x2, 0x2) signalfd4(r0, &(0x7f0000007700), 0x8, 0x80800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, &(0x7f0000001140)={0x20, 0x0, 0x2000, 0x200, 0x8, 0x4, 0x8, 0x9, 0x7ff}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000001240)='/dev/rtc0\x00', 0x80000, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r2, 0x40206417, &(0x7f0000007640)={0x1000000, 0xffff, 0x7, 0x7, 0x11, 0x6}) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000001180)={0x0}, &(0x7f0000001200)=0x8) clock_gettime(0xfffffffffffffffe, &(0x7f0000007540)={0x0, 0x0}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000007680)={0x8000, 0x202, 0xffff, 0x10000, r3}, &(0x7f00000076c0)=0x10) recvmmsg(r1, &(0x7f0000007380)=[{{&(0x7f00000004c0)=@l2, 0x80, &(0x7f0000000740)=[{&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f0000000540)=""/183, 0xb7}, {&(0x7f0000000600)=""/71, 0x47}, {&(0x7f0000000680)=""/151, 0x97}], 0x4, &(0x7f0000000780)=""/155, 0x9b, 0x5}, 0x20}, {{&(0x7f0000000840)=@xdp, 0x80, &(0x7f0000000dc0)=[{&(0x7f00000008c0)=""/4, 0x4}, {&(0x7f0000000900)=""/46, 0x2e}, {&(0x7f0000000940)=""/38, 0x26}, {&(0x7f0000000980)=""/236, 0xec}, {&(0x7f0000000a80)=""/195, 0xc3}, {&(0x7f0000000b80)=""/193, 0xc1}, {&(0x7f0000000c80)=""/95, 0x5f}, {&(0x7f0000000d00)=""/163, 0xa3}, {&(0x7f00000033c0)=""/4096, 0x1000}], 0x9, &(0x7f0000000e80)=""/48, 0x30, 0x6}, 0x8}, {{&(0x7f0000000ec0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @rand_addr}}}, 0x80, &(0x7f00000055c0)=[{&(0x7f0000000f40)=""/43, 0x2b}, {&(0x7f0000000f80)=""/122, 0x7a}, {&(0x7f0000001000)=""/189, 0xbd}, {&(0x7f00000012c0)=""/209, 0xd1}, {&(0x7f00000043c0)=""/215, 0xd7}, {&(0x7f00000010c0)=""/66, 0x42}, {&(0x7f00000044c0)=""/245, 0xf5}, {&(0x7f00000045c0)=""/4096, 0x1000}], 0x8, &(0x7f0000005640)=""/225, 0xe1, 0x200}, 0x3}, {{&(0x7f0000005740)=@nfc_llcp, 0x80, &(0x7f00000011c0)=[{&(0x7f00000057c0)=""/156, 0x9c}, {&(0x7f0000001140)}], 0x2, &(0x7f0000005880)=""/76, 0x4c, 0x2d}, 0xd9f5}, {{&(0x7f0000005900)=@nl=@proc, 0x80, &(0x7f0000005a40)=[{&(0x7f0000005980)=""/159, 0x9f}], 0x1, 0x0, 0x0, 0x4}, 0x994a}, {{&(0x7f0000005a80)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000005e00)=[{&(0x7f0000005b00)=""/236, 0xec}, {&(0x7f0000005c00)=""/194, 0xc2}, {&(0x7f0000005d00)=""/78, 0x4e}, {&(0x7f0000005d80)=""/104, 0x68}], 0x4, &(0x7f0000005e40)=""/177, 0xb1, 0xa97}, 0x8}, {{0x0, 0x0, &(0x7f0000007240)=[{&(0x7f0000005f00)=""/51, 0x33}, {&(0x7f0000005f40)=""/179, 0xb3}, {&(0x7f0000006000)=""/114, 0x72}, {&(0x7f0000006080)=""/3, 0x3}, {&(0x7f00000060c0)=""/157, 0x9d}, {&(0x7f0000006180)=""/4096, 0x1000}, {&(0x7f0000007180)=""/46, 0x2e}, {&(0x7f00000071c0)=""/70, 0x46}], 0x8, &(0x7f00000072c0)=""/135, 0x87, 0x10001}, 0x7}], 0x7, 0x0, &(0x7f0000007580)={r4, r5+30000000}) r6 = syz_open_dev$mice(&(0x7f00000075c0)='/dev/input/mice\x00', 0x0, 0x40000) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000007600)={0x0, 0x5}, &(0x7f0000001280)=0x8) r7 = socket$inet6(0xa, 0x0, 0x0) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r8, 0xc004743e, &(0x7f00000002c0)=""/246) ioctl$PPPIOCSFLAGS(r8, 0x40047459, &(0x7f0000000000)=0x600210) r9 = memfd_create(&(0x7f0000000140)='^\x00', 0x0) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000280)='tls\x00', 0x4) readv(r8, &(0x7f0000000080)=[{&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/68, 0x44}], 0x2) pwritev(r9, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) getsockopt$inet_sctp_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000040)={r3, 0x3, 0x80, 0x5}, &(0x7f0000000180)=0x10) fsetxattr$trusted_overlay_opaque(r9, &(0x7f00000003c0)='trusted.overlay.opaque\x00', &(0x7f0000000400)='y\x00', 0x2, 0x1) sendfile(r8, r9, &(0x7f00000ddff8), 0x102002700) getsockname$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs, &(0x7f0000000000)=0x6e) ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000007780)={{&(0x7f0000011000/0x2000)=nil, 0x2000}, 0x2}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000013e95), 0x4) getsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000440), &(0x7f0000000480)=0x8) 05:59:07 executing program 2: mkdir(&(0x7f0000001480)='./file0\x00', 0x0) mount(&(0x7f00000012c0), &(0x7f0000001300)='./file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x0, &(0x7f0000000080)) lgetxattr(&(0x7f0000000280)='./file0\x00', &(0x7f0000001340)=@known='user.syz\x00', &(0x7f0000001380)=""/234, 0xea) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = memfd_create(&(0x7f0000000140)="6367726f7570320075b536e08f97e10c4289e296462f3c8fc6a418228027bf4d75931e238b41cf55afcf7dd2284567ed5a738f3382aae6349e10336adf686499eb1d9379eb28", 0x1) perf_event_open$cgroup(&(0x7f0000000400)={0x7, 0x70, 0x0, 0x0, 0x0, 0x5, 0x0, 0x101, 0x0, 0x0, 0x0, 0x600000, 0x2, 0x0, 0x0, 0x7, 0x5, 0x3, 0xdf, 0x0, 0x1ce70000000, 0x0, 0x0, 0x0, 0xdf3, 0x5, 0x9, 0xa2, 0x0, 0x4, 0x2799, 0xa5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0xed7, 0x7aace71b}, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x6}, r3, 0x0, r3, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r3) bind$inet6(0xffffffffffffffff, &(0x7f000047b000), 0x1c) listen(0xffffffffffffffff, 0x20000003) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000240)=""/114) connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x0, 0x7f000000, @loopback}, 0x1c) r4 = accept4(0xffffffffffffffff, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0xc, 0x0) connect(r4, &(0x7f00007a8000)=@generic={0x0, "8c36b043d081c3c1503af6a768406b9267f60ac286da2338bd8e3f6ba990189977170a0705ea90c13e26ba0b966b9b9d3289c8784f16963ce7c312649ce2996cd4e7126f704ab2546e516d216ed2fb7a95ff906185874a2d44029a01f46a380e73c5477efe9e01548612afd6c667be500d748038f499a492ef8fe4e62653"}, 0x80) getpriority(0x0, r2) pread64(r0, &(0x7f00000001c0)=""/39, 0x27, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r5 = accept(r1, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000480)=0x80) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000380)) getsockopt$packet_buf(r5, 0x107, 0x0, &(0x7f0000000280)=""/7, &(0x7f00000002c0)=0x7) ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x4) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x6000, 0x0) getsockopt$sock_timeval(r6, 0x1, 0x14, &(0x7f00000000c0), &(0x7f0000000200)=0x10) [ 544.769328] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:59:07 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffffffffffffff7f, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 544.822045] CR3 = 0x0000000000000000 [ 544.835559] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 544.843966] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 544.858086] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 544.866826] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 544.878252] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 544.886777] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 544.895850] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 544.898650] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 544.905171] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:07 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x80000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 544.919361] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 544.928563] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 544.937004] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 544.943840] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 544.967641] IDTR: limit=0x00000000, base=0x0000000000000000 [ 544.987147] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.000365] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 545.009568] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 545.019241] Interruptibility = 00000000 ActivityState = 00000000 [ 545.025907] *** Host State *** [ 545.029443] RIP = 0xffffffff8120427e RSP = 0xffff8801d7d67390 [ 545.035718] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 545.042363] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 545.050698] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 545.056745] CR0=0000000080050033 CR3=00000001bce5c000 CR4=00000000001426f0 [ 545.063967] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 545.071273] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 545.077441] *** Control State *** [ 545.081167] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 545.087927] EntryControls=0000d1ff ExitControls=002fefff [ 545.093517] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 545.100581] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 545.107332] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 545.114196] reason=80000021 qualification=0000000000000000 [ 545.120991] IDTVectoring: info=00000000 errcode=00000000 [ 545.126443] TSC Offset = 0xfffffeda077f9a98 [ 545.130942] EPT pointer = 0x00000001cd43d01e 05:59:08 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0x404c534a, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:08 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8040000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:08 executing program 1: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000000), 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x9) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) timer_create(0x1, &(0x7f0000000140)={0x0, 0x12, 0x0, @thr={&(0x7f0000002100), &(0x7f0000003100)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000001080)={{}, {0x0, 0x1c9c380}}, &(0x7f00000010c0)) tkill(r0, 0x1000000000016) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000a00)={0x0, 0x989680}, &(0x7f0000048000), 0x0) 05:59:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 05:59:08 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xfdfdffff, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:08 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8000000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 545.513631] *** Guest State *** [ 545.517239] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 545.527167] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 545.552433] CR3 = 0x0000000000000000 [ 545.561786] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 545.568353] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 545.587009] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 545.594021] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.602367] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.611657] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 545.617191] tmpfs: No value for mount option '/dev/vsock' [ 545.619731] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.634151] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.642237] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.650691] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 545.659695] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 545.667887] IDTR: limit=0x00000000, base=0x0000000000000000 [ 545.676342] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 545.685385] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 545.692201] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 545.700067] Interruptibility = 00000000 ActivityState = 00000000 [ 545.706496] *** Host State *** 05:59:08 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x7ffffffffffff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 545.709780] RIP = 0xffffffff8120427e RSP = 0xffff8801bac6f390 [ 545.716318] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 545.722928] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 545.728120] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 545.730909] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 545.755859] CR0=0000000080050033 CR3=00000001c2a04000 CR4=00000000001426e0 [ 545.776527] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 545.807929] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 05:59:08 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x40000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 545.831765] *** Control State *** [ 545.841076] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 545.855675] EntryControls=0000d1ff ExitControls=002fefff 05:59:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xc0189436, 0x0) [ 545.869473] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 545.870181] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 545.895179] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 545.902399] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 545.909420] reason=80000021 qualification=0000000000000000 [ 545.916312] IDTVectoring: info=00000000 errcode=00000000 [ 545.922446] TSC Offset = 0xfffffed991a29059 [ 545.926973] EPT pointer = 0x00000001cc85501e 05:59:08 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0x80040) ioctl$TIOCMGET(r0, 0x5415, &(0x7f00000000c0)) r1 = socket(0x1e, 0x1000000000005, 0x0) listen(r1, 0x0) poll(&(0x7f0000000000)=[{r1}], 0x1, 0x0) 05:59:08 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 546.045702] *** Guest State *** [ 546.059400] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 546.080631] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:59:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000540)={&(0x7f0000000380), 0xc, &(0x7f0000000500)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f987696366b61dfeffffffb00fc27ad9b9486f527721f2aa8efd58894b881e694d6b23478d7fcbee4b45d7f61c70ecf491c66cb33a193a023a581eb8bc39537c44a84dba68b031484a153502325fdeec26e0d79544b5e4c1ed9b168ed04bd0d0d250347eac104a0f49d413e6566a0f282fe569ab19da89f5d4ab74ab4a0d3f95bd551e2018f19bb9de0d98b180780fa7ad9c6f7f5dfbd18e248f7b52d8879ed1b3446425311274dda0bfce37306114316c8b0bb87c890313ff1b0c4243c570d0c91b37708937d404d80000000000000000", @ANYRES16=0x0, @ANYBLOB="009860002a68c7d22d000000000000"], 0x14}}, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x40000, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_GET_XSAVE(r2, 0x9000aea4, &(0x7f0000000580)) ioctl(r1, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") recvfrom(r0, &(0x7f0000000240)=""/100, 0x64, 0x0, &(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0xffffffffffffffaa) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) connect$packet(r2, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x1, 0x6, @random="70d48425d4cf"}, 0x14) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="390000001100090468fe0700000000000700ff3f03000000450001070000001419001a00030002100700005436dc0bab09000000ffff9e0000", 0x39}], 0x1) [ 546.113449] CR3 = 0x0000000000000000 [ 546.117315] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 546.123878] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 546.130315] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 546.144649] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.154231] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.170293] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 546.178604] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.186965] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.195489] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.204043] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 546.212179] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 546.220302] IDTR: limit=0x00000000, base=0x0000000000000000 [ 546.228300] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.236583] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 546.243084] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 546.251102] Interruptibility = 00000000 ActivityState = 00000000 [ 546.257357] *** Host State *** [ 546.266363] RIP = 0xffffffff8120427e RSP = 0xffff8801b72e7390 [ 546.272458] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 546.278895] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 546.289801] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 546.295769] CR0=0000000080050033 CR3=00000001c3bce000 CR4=00000000001426e0 [ 546.302941] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 546.309619] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 546.315866] *** Control State *** 05:59:09 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x40000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x100000003, 0x80000000000006) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/32, &(0x7f0000000040)=0x20) sendto$inet6(r2, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0x8}, 0x800000}, 0x1c) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x16) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000080)=0x100, 0x4) [ 546.319347] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 546.326276] EntryControls=0000d1ff ExitControls=002fefff [ 546.331794] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 546.340874] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 05:59:09 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$unix(0x1, 0x801, 0x0) vmsplice(r2, &(0x7f0000000400)=[{&(0x7f0000000300)="771613834ff940c93f435ce3595a0688bf04d28630fc0c8f6fc04760e0ed43aaaa439b2920a1e79b69a69363c52d06264b4aeacd057f894e2fb34b2d01933576f213d47b5bb76c177c6fcfd26728a658f8baaed5d51599ceb241b74eda54eb7aa539e0ba990e4675f67784b4f3d627cf87cb6ab26f7660894132b95f1e0f5ac1d160e61634ef3502f206d3e24c54866bc79e7bd20f4d1207b4bed2b4b04b1d6176520aa8f4d659a396aeb82621d546944f23c1e22fd0511506", 0xb9}, {&(0x7f00000003c0)="00c34538", 0x4}], 0x2, 0x6) r3 = socket$unix(0x1, 0x1, 0x0) r4 = fcntl$dupfd(r2, 0x407, r1) ioctl$EVIOCGKEY(r4, 0x80404518, &(0x7f00000000c0)=""/234) bind$unix(r3, &(0x7f0000003000)=@file={0x1, "e91f7189591e9233614b00"}, 0xc) listen(r3, 0x0) ioctl$KDSKBSENT(r4, 0x4b49, &(0x7f0000000240)="55dc4af1963b711f7c82b4658bb2be92496ceeadaa6a6c7b4d0d6f0395d997") r5 = accept4(r3, &(0x7f0000b17000)=@generic, &(0x7f0000dbd000)=0x80, 0x0) connect(r2, &(0x7f0000931ff4)=@un=@file={0x1, "e91f7189591e9233614b00"}, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'team_slave_0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'team_slave_0\x00', 0x200008000005}) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) getgid() setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000080)=@req={0x200, 0x0, 0x40, 0x3ff}, 0x10) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000280)={'veth0_to_team\x00', 0x2}) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f00000001c0)={'NETMAP\x00'}, &(0x7f0000000200)=0x1e) write$P9_RLERROR(r4, &(0x7f00000002c0)={0x17, 0x7, 0x1, {0xe, 'veth0_to_team\x00'}}, 0x17) 05:59:09 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc020660b, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 546.379681] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 05:59:09 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0xe000000, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:09 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x6, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x1, 0x30397653, 0x3}) 05:59:09 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xe0ffffff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 546.440064] reason=80000021 qualification=0000000000000000 [ 546.475729] IDTVectoring: info=00000000 errcode=00000000 [ 546.495461] TSC Offset = 0xfffffed947c6421e [ 546.508350] EPT pointer = 0x00000001be89b01e 05:59:09 executing program 2: r0 = socket$inet6(0xa, 0x2100000000000002, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$netlink(r1, 0x10e, 0x9, &(0x7f0000000140)=""/188, &(0x7f00000000c0)=0xbc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x995ba2d8201dca0b}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x2, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x90}}, 0xe8) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x3b0, &(0x7f0000000180)}, 0x0) 05:59:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x2, 0x0) 05:59:09 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x8800000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 546.652116] *** Guest State *** [ 546.655574] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 546.676321] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 546.693222] CR3 = 0x0000000000000000 [ 546.709509] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 546.737353] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:09 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffffffe0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 546.768888] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 546.787876] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.806230] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.830434] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 546.851341] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.864671] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.873199] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 546.881491] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 546.889671] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 546.897954] IDTR: limit=0x00000000, base=0x0000000000000000 [ 546.909315] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:09 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffffffff00000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 546.940964] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 546.956241] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 546.960062] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 546.966609] Interruptibility = 00000000 ActivityState = 00000000 [ 546.975564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 05:59:09 executing program 2: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x3f}, &(0x7f0000044000)=0x0) syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000003640)='/dev/snapshot\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000004740), &(0x7f0000004780)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x7000, 0x891, &(0x7f0000ff7000/0x7000)=nil) getuid() getresuid(&(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)) getgroups(0x1, &(0x7f0000000380)=[0xee00]) shmctl$IPC_SET(r2, 0x1, &(0x7f00000003c0)={{}, 0x0, 0x6}) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f0000000080)={0x10010009, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000001640)) mmap(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x8000000000000000, 0x811, r4, 0x0) ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000540)) timer_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x77359400}}, &(0x7f0000000000)) semop(0x0, &(0x7f0000000480)=[{}], 0x1) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000140)) [ 546.996198] *** Host State *** [ 547.004340] RIP = 0xffffffff8120427e RSP = 0xffff8801d7d67390 [ 547.017423] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 547.051474] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 547.073036] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 547.088098] CR0=0000000080050033 CR3=00000001c7e00000 CR4=00000000001426f0 05:59:10 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x40000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 547.104693] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 547.120723] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 547.170189] *** Control State *** [ 547.174121] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 547.190047] EntryControls=0000d1ff ExitControls=002fefff [ 547.206313] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 547.219133] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 547.230567] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 547.242495] reason=80000021 qualification=0000000000000000 [ 547.268891] IDTVectoring: info=00000000 errcode=00000000 [ 547.285275] TSC Offset = 0xfffffed8f3b406aa [ 547.298827] EPT pointer = 0x00000001c797601e 05:59:10 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) listen(r0, 0x800) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="0203000313000000000000000000000031150600000000000a0000000000000000000000000000000000ffff00000000000000000000000005000900000000000a0000000000000000000000000000000000000000000000000000000000000002000100000000000000690b0000000005000500000000000a00000000000000ff0200000000000000000000000000010000000000000000"], 0x98}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00006dbffc), 0x4) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8000, 0x10000) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000080), 0x4) 05:59:12 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc0189436, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:12 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xfffffffe, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:12 executing program 2: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x3f}, &(0x7f0000044000)=0x0) syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000003640)='/dev/snapshot\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000004740), &(0x7f0000004780)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget$private(0x0, 0x7000, 0x891, &(0x7f0000ff7000/0x7000)=nil) getuid() getresuid(&(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000340)) getgroups(0x1, &(0x7f0000000380)=[0xee00]) shmctl$IPC_SET(r2, 0x1, &(0x7f00000003c0)={{}, 0x0, 0x6}) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f0000000080)={0x10010009, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000001640)) mmap(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x8000000000000000, 0x811, r4, 0x0) ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000540)) timer_settime(r0, 0x0, &(0x7f0000000180)={{}, {0x77359400}}, &(0x7f0000000000)) semop(0x0, &(0x7f0000000480)=[{}], 0x1) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000140)) 05:59:12 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x1f00, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:12 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x5450, 0x0) 05:59:12 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000003c0)={0x0, &(0x7f0000000380)}, 0x10) mincore(&(0x7f0000124000/0x2000)=nil, 0x6e1d618312435888, &(0x7f0000d6e000)=""/34) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={0xffffffffffffff9c}) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="bc81ea8e0c9593fbe5acbe84a3bcaa05ba847b39b5973119b8c38306cf3fc808a024235e0c8219aff68718e70bac99e4d6e5d0985ada767306d27df14c88a266420e339bca619dff95b02f0060c7a25741292ebbe4f6ec8b20642e3351828d4d78c4db0d88c9c20b7a2b219e58f688c467d08dbc2b656c320b4e309effff6e9ee8a418b19147672970525e320be248c808b7be00051ed40beebcc0aaa54f8bcd6aef5cb955547d4ac3a6ce00f636a981156defd3892df4cd450b90ed04e003f8a5751761e4c0518d3fae8c1c92663c91fe8d6d306c0050425b518ff71347b5db81dee8226f3ba9908de2335ca62dc4c7d6bd96a42ca7", 0xf6}], 0x1, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0xf0, 0x117, 0x2, 0xd8, "75039b14b825b061f4a85a5e1081b47ad0b1fe780af60e4fb8b008d62c64c0183bc52d3dd3fb483a79ae76039c61199e30759ae5a061c38f5f12a94cba99d4a69e14528d878922763216c7e6c226678da25221a2d21ce02c0df036639ea10a1cff8ea130264984d01aecec34e1dc8a0813ae140cf64831a027a7263b0f94d221f2a158800687aae80a177bde6eba0b4158ea4022d7462774ccda95897f569113ec7fc30eeca856cef01b4602521ee332e024dc48b5761645618078dc3b758cff2e4bff54b45c40802306d30acc88c26be75087f00811beda"}, @iv={0x30, 0x117, 0x2, 0x1a, "fb63b33db84dcd77a24c03466650b6de6393a800be68038acd51"}, @assoc={0x18, 0x117, 0x4, 0xffffffff}], 0x150, 0x10}, 0x4000) 05:59:12 executing program 1: r0 = syz_open_dev$media(&(0x7f0000002600)='/dev/media#\x00', 0x0, 0x0) readv(r0, &(0x7f00000010c0)=[{&(0x7f0000000040)=""/99, 0x63}], 0x1) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f00000000c0)={0x169}) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x88, @remote, 0x4e20, 0x1, 'lblcr\x00', 0x14, 0x8d81, 0x6d}, 0x2c) [ 549.513185] *** Guest State *** [ 549.521999] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 05:59:12 executing program 1: r0 = socket$inet_sctp(0x2, 0x8080000000000001, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendto$inet(r0, &(0x7f0000000100)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000035abe1e80d903e0d717ac1889a45e581c9e14a5c8f95f5d2968ae8c767e9d18fd69a") mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x800000000004, 0x20011, r2, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000200), 0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x76, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000000)=0x90) 05:59:12 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x408, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 549.563740] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 549.574827] CR3 = 0x0000000000000000 [ 549.595557] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 549.601843] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:12 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000140)={@multicast2, @loopback}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f00003fdff5)={@multicast2, @loopback, @rand_addr}, 0xc) close(r1) semget$private(0x0, 0x3, 0x402) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000002880)=[{&(0x7f0000000680)="7027244a93b90a1de7bfc1ed0e95876df0d074347d046d60f44959b7fdfcd5e61a703636c5ebe0773ad10ea9bc3018566824463898e81aad5629e71e5d30f2b5b68d8a497d8f19d491f51d8585f2e0eeed54220fbe69d7d01491f2edd5c5cfc90c22d5e048fcdab7e8e413dc479c7bf4b4fc86e17013aca658aade625505ebc392cac63082c42cbcd02827e2a0ad26f559ef4c1cfb60a8ee9c9b5412935bc290d54f34c4d04e06839006ac9ce34c1738b9951ffae2fa452b08d3d7e1803a1c868489e5a63f710937692c7ee58f334cccd05805c5cef9103dcd01e4ffd34e389b26498318c74651b5b86b3af64e16545f85235d33e171b4112479ede24d83d1f161b933d261eefca2c28faa27b7911f1bb07e0b836aa5253aa1a8cef07170f3f750fd807f3dcf176f31d902f17f688490364d596f2623499e2221a9f81a7a9ddd3062f7ca1055ea8b555e8b1a9272e977ce051d77cbf9c89625b1981becba833adaedc1328b3c2a8071078ec5c04467e9cca168fa01937e7f568fae5cdff21bba6fb056434b04d9c3ce5e59d84983e8a7dab117c376d3e7de357d456fc172f2f5b189afd8a5221f9b141b", 0x1aa}], 0x1, &(0x7f0000002900)}, 0x0) mount(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, &(0x7f00000001c0)) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="636be3920faa73e10748caa073ad32582ae5d567ca737a8bce4c25a9ce86ff39beedb9a55a159b3afd00019868e60505201671905239b8dabc5dfaf4eab111b5228f77e11dcfb48ddf17ad0e78b885f8eef4469cf3162f799e012eab0cba6ecf7f3fffd0580abfd06275c80bd792049ef340dee848bdbe83a627"], &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='securityfs\x00', 0x100021, &(0x7f0000000480)) [ 549.608878] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 549.631692] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.651914] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.660321] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 549.672096] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.680744] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.689066] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.702749] GDTR: limit=0x000007ff, base=0x0000000000001000 05:59:12 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x800000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 549.711584] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 549.730432] IDTR: limit=0x00000000, base=0x0000000000000000 [ 549.738840] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 549.748961] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 549.778228] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 549.797615] Interruptibility = 00000000 ActivityState = 00000000 [ 549.816639] *** Host State *** [ 549.821564] RIP = 0xffffffff8120427e RSP = 0xffff88018945f390 05:59:12 executing program 2: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x408, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 549.837692] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 549.844787] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 549.853442] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 549.859512] CR0=0000000080050033 CR3=00000001bf53e000 CR4=00000000001426e0 [ 549.871716] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 549.898349] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 549.917542] *** Control State *** [ 549.928598] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 549.936562] EntryControls=0000d1ff ExitControls=002fefff [ 549.942286] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 549.949397] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 549.956578] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 549.966608] reason=80000021 qualification=0000000000000000 [ 549.973747] IDTVectoring: info=00000000 errcode=00000000 [ 549.979536] TSC Offset = 0xfffffed77070e29f [ 549.984502] EPT pointer = 0x00000001b92e101e 05:59:13 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x804000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:13 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2b, 0x8000080000000001, 0x0) r3 = shmget$private(0x0, 0x3000, 0x100, &(0x7f0000ffd000/0x3000)=nil) shmctl$SHM_INFO(r3, 0xe, &(0x7f0000000280)=""/24) shutdown(r0, 0x1) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10) r4 = creat(&(0x7f0000000000)='./file0\x00', 0x4) getpeername(r4, &(0x7f0000000200)=@l2, &(0x7f0000000140)=0x80) ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f0000000040)={0x903, 0xa, 0x4, 0x1070010, {0x0, 0x7530}, {0x7, 0x9, 0xc385, 0x0, 0x9, 0x0, "15179ceb"}, 0x0, 0x2, @userptr=0x9, 0x4}) connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e23}, 0x10) getpeername$inet(r4, &(0x7f0000000180)={0x2, 0x0, @broadcast}, &(0x7f00000002c0)=0x10) ioctl$RTC_IRQP_SET(r4, 0x4008700c, 0x122a) 05:59:13 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5334, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x8138ae83, 0x0) 05:59:13 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00?\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:13 executing program 2: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="2400000002031f001cfffd946fa2830020200a000900010001e7000000001960819c40b6", 0x24}], 0x1}, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000000)={0x80000000, 0x1}) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000640)="2400000002031f001cfffd946fa283005b580a000900020009000000020015000404ff7e", 0x24}], 0x1}, 0x0) 05:59:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4004ae99, 0x0) 05:59:13 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$midi(&(0x7f00000003c0)='/dev/midi#\x00', 0x9, 0x80) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000400)=0x800, 0x8) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000080)="7e68bfc72d2c6bfba2305774d6146f3be944dfadc931b7649a7d0ba3e5fa408092a5bcaee43a54b34f79f8426744c9bd766222b221b343d722d9655f0caeecb6dc844853f0615512e64e4e732070083a57") listen(r0, 0xcb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000280), 0xa5, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, &(0x7f0000000040), 0x113, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) close(r0) 05:59:13 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x2000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 550.517950] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 550.542439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 550.581305] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 550.582797] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. 05:59:13 executing program 2: ioprio_set$pid(0x1, 0x0, 0x7c3a) clone(0x802102081ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x400000) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='ipddp0\x00', 0x10) 05:59:13 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x7fffffffffffffff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x5452, 0x0) 05:59:13 executing program 2: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000009fe8)={0xaa, 0x26}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00003e2000/0x2000)=nil, 0x2000}, 0x1}) prctl$intptr(0x29, 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) clone(0x0, &(0x7f0000000100), &(0x7f00000001c0), &(0x7f0000001000), &(0x7f0000000200)) write(r0, &(0x7f0000000340)="1efbd33b42bf02ac6a855186b429c4a30e290d63431fbf50c9cdf032185fe149e2d187c7ca2ca21e77fedd6fede3606a3c3a673e5e86275e3938064fa3ac77eb2ef71291ac68d37414ecaeb656f3faa5b4a6e5c5062018df183b73760c43442c05fd931c521c574f772934ea1f2a288f1e4a02e8311dc21193ff4e137de2ddf5f6cd85d05df9750c9f05420da35ad2f4a002d247233991", 0x97) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) openat$cgroup_procs(r1, &(0x7f0000000200)='cgroup.threads\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000580)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}}) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, &(0x7f0000000000), 0x1, 0x2000000000002) 05:59:13 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x600000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:14 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xc020660b, 0x0) 05:59:14 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100000000fffffdfd00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:14 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xfeffffff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 551.382797] *** Guest State *** [ 551.391392] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 551.402070] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 551.412192] CR3 = 0x0000000000000000 [ 551.416267] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 551.423113] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:14 executing program 1: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x600000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:14 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x300000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 551.446899] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 551.463383] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 551.479544] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 551.505166] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 551.520645] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 551.530341] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 551.539080] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:14 executing program 1: socketpair(0xa, 0x80801, 0x80000001, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket(0xa, 0x3, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000340)={0x6, 0x118, 0xfa00, {{0xfff, 0x98, "69f71e5cb68061f27c73dc05a9b87e03cd79775132db5959bbe2c7b4f76f4304fccc35b5b95fa208a712c639d3705923bc17e66209e1f41d61b11ae614ef5f2d9be4b69ff71c061c27842521ad57fc5de05935f18e2254a8331785e16e7a553ce5c90385e792ee72a36b0c2612fe6c579e8f4ff60d4695f586cb414ef79ce875faaa0d379440e5542ff828c398bcf2b333547972d2d078bdca1004ab09322df7eaf7943db34a9c513640190faf269fa6773c166124547480ea2459bc1b84924dcd0557fc701376b926933ef371503e6adb10a453ffe27944359fc39a30c50eb5db9f07fcded6673722417aef2f03c48a65d289b23479bf89fedc938733e6f65f", 0xd7, 0x1, 0x6, 0x80, 0x6, 0x1, 0x0, 0x1}, r3}}, 0x120) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000040), 0x4) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={"6272696467653000000100"}) syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000300)) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000180)={0x0, &(0x7f0000000140)}, 0x10) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8923, &(0x7f0000000100)={'bridge0\x00', 0xfffffffffffffffd}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) 05:59:14 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x1000000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 551.547854] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 551.556865] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 551.565445] IDTR: limit=0x00000000, base=0x0000000000000000 [ 551.574381] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 551.582980] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 551.589744] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 551.625980] Interruptibility = 00000000 ActivityState = 00000000 [ 551.640083] *** Host State *** [ 551.648564] RIP = 0xffffffff8120427e RSP = 0xffff8801bba2f390 [ 551.656665] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.664945] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.672972] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 551.684347] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 551.713317] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 551.734075] CR0=0000000080050033 CR3=00000001cbc64000 CR4=00000000001426f0 [ 551.758720] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 05:59:14 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x600, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 551.781763] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 551.800147] *** Control State *** [ 551.806060] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 551.841213] EntryControls=0000d1ff ExitControls=002fefff [ 551.863160] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 551.900744] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 05:59:14 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x6, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 551.980416] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 552.046057] reason=80000021 qualification=0000000000000000 [ 552.094119] IDTVectoring: info=00000000 errcode=00000000 [ 552.120007] TSC Offset = 0xfffffed66cd36480 [ 552.140192] EPT pointer = 0x00000001c83bb01e [ 552.630164] ýÿ: renamed from bridge0 05:59:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x20000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000080)={0x77, 0x0, [0x0, 0x0, 0x40000071]}) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x400, 0x82) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000040)={0x1, 0x7}) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f0000000200)=0x7) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000100)={0x100000000005, 0x821, 0x3, {0x7, @sliced={0x8, [0xfffffffffffffff9, 0x10000000000000, 0x140000000000000, 0x3, 0x0, 0x7f, 0x8, 0x7fffffff, 0x7, 0x5, 0x0, 0x40, 0x0, 0x6, 0x4, 0x20, 0x7, 0x3, 0x1, 0x9, 0x9, 0x10001, 0x1, 0x4, 0x8000, 0x9, 0x7, 0x0, 0xb61, 0x7, 0xda41, 0x0, 0x8000, 0x3, 0x7, 0x401, 0x100000001, 0x5, 0x0, 0x7ff, 0xfc, 0x7, 0x100, 0x6, 0xffffffffffffffff, 0x100000001, 0xea, 0x7], 0x7ff}}}) fcntl$getownex(r2, 0x10, &(0x7f0000000280)={0x0, 0x0}) ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f00000002c0)=r4) 05:59:24 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x4000000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x5460, 0x0) 05:59:24 executing program 1: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x300000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:24 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531fffffdfd00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:24 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xfdfdffff, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:24 executing program 2: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000000)={0x53, 0x0, 0x11, 0x0, @buffer={0x209, 0xb8, &(0x7f00000001c0)=""/184}, &(0x7f0000000580)="ad406a60d56c581a4ee7cadfccec35664e", &(0x7f0000000340)=""/128, 0x0, 0x0, 0x0, &(0x7f0000000140)}) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x8, 0x181) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000003c0)={0x0, 0xf0, "2ee9ebd43d79ee0ca6212b1c86ac8e7e9e7865bd73691c211e0fed4cbf746279b0fd2a25d1342e299181b2c308354e79515c49c6f89677273fc73654b990f9b7f9425d95671822cf9c1efedc90afeb5cbb6e6a67ff5bf3ebcdbced1040a7d27475ee5dc1c7846777df1af171b9e356a4263d5c6225424fb10115a5894233375dc8da8bab014cbc73d3c9dcbd6edb1a078b272d9fa6ab59153f7f0cb6be36fb3cb735d9e47730811894c28700c1b48a38e4aa645bed02ff9d18ec67b154240f454418d4779bba8d736983c82c10a01166a1f83382172116a401def78b83d41e46c03a78d30ca3d06092ac9fa8550f7058"}, &(0x7f0000000100)=0xf8) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000180)={r2, 0x800, 0x400}, 0x10) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) 05:59:25 executing program 2: io_setup(0x3, &(0x7f0000000240)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) close(r1) r2 = userfaultfd(0x0) io_submit(r0, 0x33a, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) 05:59:25 executing program 1: r0 = socket$inet(0x10, 0x3, 0x5) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000017000)=[{&(0x7f0000004000)="240000001d0003ffff3cc0023da2830101faffffff86c436271d8568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000009040)=[{{&(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000003e00), 0x0, &(0x7f0000000100)=""/124, 0x2d}}], 0x400000000000207, 0x2, &(0x7f00000000c0)={0x77359400}) 05:59:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x8004ae98, 0x0) 05:59:25 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x3000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:25 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x9, 0x400000) write$P9_RVERSION(r1, &(0x7f0000000100)={0x15, 0x65, 0xffff, 0x1, 0x8, '9P2000.u'}, 0x15) fchdir(r0) creat(&(0x7f0000000040)='./file0\x00', 0x140) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) openat$cgroup_procs(r2, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0) rmdir(&(0x7f0000000400)='./file0\x00') ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) 05:59:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000d00)={&(0x7f0000000000), 0xc, &(0x7f0000000cc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="6c010000170003000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000aafe80000000000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000002000000000000000000000000ff01000000000000000000000000000100000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000007000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000478100000000000000004400050030662f363fb89ba80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f10000000000"], 0x16c}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xfa0, 0x200000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x3f, @remote, 0x4}, @in6={0xa, 0x4e20, 0x10000, @mcast2, 0x6}, @in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e21, 0x800, @remote, 0x3}]}, &(0x7f0000000300)=0x10) io_setup(0x5, &(0x7f0000000380)=0x0) io_pgetevents(r3, 0x8, 0x4, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x0, &(0x7f0000000480)={&(0x7f0000000440), 0x8}) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r2, 0x2}, 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000180)={0x800, 0x8, 0x1, 'queue1\x00', 0xff}) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000080)) 05:59:25 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xe0ff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 562.353555] netlink: 68 bytes leftover after parsing attributes in process `syz-executor1'. 05:59:25 executing program 2: getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000080)=0x20) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETGROUP(r0, 0x400454ce, r1) sigaltstack(&(0x7f0000000000/0x3000)=nil, 0x0) sigaltstack(&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000040)) 05:59:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x40049409, 0x0) [ 562.405857] netlink: 68 bytes leftover after parsing attributes in process `syz-executor1'. [ 562.488657] *** Guest State *** [ 562.501839] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 562.516599] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 562.527160] CR3 = 0x0000000000000000 [ 562.531492] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 562.548332] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 562.554851] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 562.561634] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.569608] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.577857] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 562.586456] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.594501] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.602547] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.610573] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 562.618554] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 562.626688] IDTR: limit=0x00000000, base=0x0000000000000000 [ 562.634741] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 562.642771] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 562.649178] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 562.656668] Interruptibility = 00000000 ActivityState = 00000000 [ 562.662910] *** Host State *** [ 562.666086] RIP = 0xffffffff8120427e RSP = 0xffff880180b6f390 [ 562.672219] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 562.678618] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 562.686468] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 562.692377] CR0=0000000080050033 CR3=00000001cc09b000 CR4=00000000001426e0 [ 562.699393] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 562.706171] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 562.712254] *** Control State *** [ 562.715708] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 562.722430] EntryControls=0000d1ff ExitControls=002fefff [ 562.727887] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 562.734859] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 562.741539] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 562.748202] reason=80000021 qualification=0000000000000000 [ 562.754549] IDTVectoring: info=00000000 errcode=00000000 [ 562.760033] TSC Offset = 0xfffffed0785f920d [ 562.764338] EPT pointer = 0x00000001d878901e 05:59:25 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00?\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:25 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x2, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:25 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0xfffffffffffffffd}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xd74a45eaf58a4192, 0x0, &(0x7f0000ffd000/0x3000)=nil}) syncfs(r1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000200)={0x0, &(0x7f00000001c0)=""/26}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="9b0f6f"]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r5, 0x10e, 0x0, &(0x7f00000003c0)=""/58, &(0x7f0000000080)=0xffffffa5) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000240)={'bond_slave_0\x00?\x00', {0x2, 0x0, @rand_addr}}) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000040)={'bond_slave_0\x00', {0x2, 0x0, @local}}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000280)={0x0, 0x80000, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000300)={r7, 0x80000, r1}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x404c534a, &(0x7f00000004c0)={0x0, 0x0, 0x5, "71756575653100000000000000000000020000000000000000000000000000006800"}) 05:59:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000d00)={&(0x7f0000000000), 0xc, &(0x7f0000000cc0)={&(0x7f0000000800)=ANY=[@ANYBLOB="6c010000170003000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000aafe80000000000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e0000002000000000000000000000000ff01000000000000000000000000000100000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000007000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000478100000000000000004400050030662f363fb89ba80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f10000000000"], 0x16c}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0xfa0, 0x200000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0x64, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x3f, @remote, 0x4}, @in6={0xa, 0x4e20, 0x10000, @mcast2, 0x6}, @in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e21, 0x800, @remote, 0x3}]}, &(0x7f0000000300)=0x10) io_setup(0x5, &(0x7f0000000380)=0x0) io_pgetevents(r3, 0x8, 0x4, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x0, &(0x7f0000000480)={&(0x7f0000000440), 0x8}) setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r2, 0x2}, 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000180)={0x800, 0x8, 0x1, 'queue1\x00', 0xff}) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000080)) 05:59:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4138ae84, 0x0) 05:59:25 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x1f00, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 563.006350] netlink: 68 bytes leftover after parsing attributes in process `syz-executor1'. 05:59:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x5421, 0x0) 05:59:25 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xe0ffffffffffffff, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:26 executing program 1: socket$inet6(0xa, 0x0, 0x0) socket$inet(0x2, 0x8080b, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000480)={0x2, 0x0, @broadcast}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000640)={0xa, 0x0, 0x0, @remote}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000500)=ANY=[], 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in=@multicast1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffffffffffe}}, {{@in6=@mcast2}, 0x0, @in6=@loopback}}, 0xe8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0, &(0x7f0000000840)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) r0 = socket$inet(0x2, 0x4000000000000001, 0x6) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000006c0)=0x200, 0x20) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r0, &(0x7f0000000140)={0x2, 0x8000004e23, @multicast1}, 0xfffffffffffffe75) sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, &(0x7f00000000c0)={0x2, 0x4e21, @multicast2}, 0x10) recvmsg(r0, &(0x7f00000005c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000740)=[{&(0x7f0000003ac0)=""/4096, 0xd400}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 05:59:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x10, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 563.270629] *** Guest State *** [ 563.286594] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 563.338921] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 563.374889] CR3 = 0x0000000000000000 05:59:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x20000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 563.387710] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 563.400616] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 563.421249] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 563.442916] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.485058] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.540061] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 563.548061] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.569964] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.578410] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.587057] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 563.596992] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 563.605558] IDTR: limit=0x00000000, base=0x0000000000000000 [ 563.614138] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 563.622721] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 563.629541] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 05:59:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x100000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 563.637666] Interruptibility = 00000000 ActivityState = 00000000 [ 563.654916] *** Host State *** [ 563.664351] RIP = 0xffffffff8120427e RSP = 0xffff8801805bf390 [ 563.687323] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 563.726133] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 563.758757] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 563.783323] CR0=0000000080050033 CR3=00000001bfdb5000 CR4=00000000001426e0 [ 563.819335] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 563.850145] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 563.856225] *** Control State *** [ 563.859692] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 563.867764] EntryControls=0000d1ff ExitControls=002fefff [ 563.873296] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 563.880267] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 563.880277] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 563.880286] reason=80000021 qualification=0000000000000000 [ 563.880294] IDTVectoring: info=00000000 errcode=00000000 [ 563.880301] TSC Offset = 0xfffffed01751e430 [ 563.880321] EPT pointer = 0x00000001be20201e 05:59:26 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000000000000001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x200000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x5451, 0x0) 05:59:27 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x0, 'queue0\x00', 0xfffffffffffffffd}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0xd74a45eaf58a4192, 0x0, &(0x7f0000ffd000/0x3000)=nil}) syncfs(r1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000200)={0x0, &(0x7f00000001c0)=""/26}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="9b0f6f"]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$netlink(r5, 0x10e, 0x0, &(0x7f00000003c0)=""/58, &(0x7f0000000080)=0xffffffa5) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000240)={'bond_slave_0\x00?\x00', {0x2, 0x0, @rand_addr}}) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000040)={'bond_slave_0\x00', {0x2, 0x0, @local}}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000000), 0x1000000000000040) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000280)={0x0, 0x80000, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000300)={r7, 0x80000, r1}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0x404c534a, &(0x7f00000004c0)={0x0, 0x0, 0x5, "71756575653100000000000000000000020000000000000000000000000000006800"}) 05:59:27 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xfdfdffff00000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x2000000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:27 executing program 1: clock_gettime(0x6, &(0x7f0000000280)) socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vlan0\x00', 0x1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)) syz_open_dev$sndseq(&(0x7f00000001c0)='/dev/snd/seq\x00', 0x0, 0x80) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff81}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x15) r4 = syz_open_dev$sndseq(&(0x7f0000000340)='/dev/snd/seq\x00', 0x0, 0x4000) fremovexattr(r4, &(0x7f0000000480)=ANY=[@ANYBLOB="62742f74756e00e87f76879ad35e32bc0ae7f43abb6def34850903e303b551754716a0b0e4c5b78c22e5bbf68bda6c8952a6a26f5b9bbdea8101ac9acbe1f169d0b958f73ad3bc2d92d1e54a52150f03e02307612c159a1f923e252498f6f7427678ecd35af79bcef217d686dbde48500ed5d54e7186a61d1de1c7bddd09b71cd98a0540d82629193a386580cf22e8f4364073cbc6c53d74a390adca9099889d777e670fc876a52cbddf564a133e4e3c6edaeb751ab1c3298c8bf690"]) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x804, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 564.251265] *** Guest State *** [ 564.260541] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 564.279173] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 564.291470] CR3 = 0x0000000000000000 [ 564.297889] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 564.312279] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 564.324857] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 564.332692] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.343074] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.351877] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 564.360668] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.368976] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.420709] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.441384] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 564.459280] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xe0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 564.474313] IDTR: limit=0x00000000, base=0x0000000000000000 [ 564.482806] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 564.491792] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 564.498484] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 564.506353] Interruptibility = 00000000 ActivityState = 00000000 [ 564.513330] *** Host State *** [ 564.519404] RIP = 0xffffffff8120427e RSP = 0xffff8801805bf390 [ 564.536390] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 564.551073] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 564.559444] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 564.592988] CR0=0000000080050033 CR3=00000001baa5e000 CR4=00000000001426f0 [ 564.621315] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 564.654297] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 564.680782] *** Control State *** [ 564.692368] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x3, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 564.700911] EntryControls=0000d1ff ExitControls=002fefff [ 564.718400] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 564.735070] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 564.765142] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x300, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 564.821161] reason=80000021 qualification=0000000000000000 [ 564.827523] IDTVectoring: info=00000000 errcode=00000000 [ 564.843699] TSC Offset = 0xfffffecf8c0979da [ 564.848359] EPT pointer = 0x00000001c778301e 05:59:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xc018ae85, 0x0) 05:59:27 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000000000000000100"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x800800000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 565.081278] *** Guest State *** [ 565.084745] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 565.120461] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:59:28 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x20000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 565.143767] CR3 = 0x0000000000000000 [ 565.160005] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 565.189454] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 565.198878] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 565.206295] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.214905] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.223579] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 05:59:28 executing program 2: socket(0x2, 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000100)={0x9, 0x3, 0x100, 'queue1\x00', 0x3}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@broute={'broute\x00', 0x20, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000080), &(0x7f00000002c0)}, 0x78) [ 565.234338] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.248376] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.257749] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.269528] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 565.279464] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 565.299773] IDTR: limit=0x00000000, base=0x0000000000000000 [ 565.312500] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 565.323255] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 565.332153] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 565.355503] Interruptibility = 00000000 ActivityState = 00000000 [ 565.368785] *** Host State *** [ 565.372313] RIP = 0xffffffff8120427e RSP = 0xffff8801bfd57390 [ 565.378347] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 565.384836] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 565.393027] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 565.398938] CR0=0000000080050033 CR3=00000001beaa8000 CR4=00000000001426e0 [ 565.405986] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 565.412710] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 565.418763] *** Control State *** [ 565.422952] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 565.429966] EntryControls=0000d1ff ExitControls=002fefff [ 565.435418] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 565.442393] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 565.449090] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 565.455715] reason=80000021 qualification=0000000000000000 [ 565.462082] IDTVectoring: info=00000000 errcode=00000000 [ 565.467532] TSC Offset = 0xfffffecf1d77c9dd [ 565.471888] EPT pointer = 0x00000001c833c01e 05:59:30 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xe, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:30 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x3f000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:30 executing program 2: stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={"00ac720000000000ec973f820f7c4000", 0x400000102}) ioctl$TUNSETOWNER(r0, 0x400454cc, 0x0) close(r0) 05:59:30 executing program 1: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x50001, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000100)=0xb491) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000180)={0x7, 0xfffffffffffffdfd, 0xfa00, {r2, 0x2000000000002}}, 0xffffffffffffff9e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000140)=0x500, 0x5) 05:59:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4090ae82, 0x0) 05:59:30 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "7175657565310000000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:30 executing program 1: r0 = getpid() r1 = getpid() r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x3, 0x6) kcmp(r0, r1, 0x7, r2, r3) r4 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0x9201, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r4, 0x4040ae72, &(0x7f0000000000)={0x73, 0x7, 0x0, 0x7, 0x7b09}) 05:59:30 executing program 1: perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000200)='eth0+$^\\\x00', 0x0) r1 = syz_open_dev$sndctrl(&(0x7f000000a000)='/dev/snd/controlC#\x00', 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000740)={0x0, 0x0}) gettid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, r0, 0x0, 0x29, &(0x7f0000000140)='/nodevwlan1\'trustednodev+nodev^{security\x00'}, 0x30) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000280)) getpgid(r3) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) getpgid(0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000380)=0x0) r5 = getpgid(r4) r6 = syz_open_procfs(r5, &(0x7f0000000040)='sessionid\x00') perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet6(r0, &(0x7f00000003c0)={0xa, 0x4e23, 0x80000001, @local, 0x7}, 0x1c) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0xc1105518, &(0x7f0000001000)) read(r1, &(0x7f0000000540)=""/32, 0x20) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r6, 0x84, 0x8, &(0x7f0000000340)=0xf4, 0x4) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r7, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r8 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xffffff, 0x1) ioctl$FS_IOC_FSGETXATTR(r8, 0xc0185500, &(0x7f0000000240)={0x20323, 0x4}) mkdirat(r8, &(0x7f0000000080)='./file0\x00', 0x110) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000580)="b5d7522f9d33b63f526ccc682338444a302afa4b8659b651f6dd80f6217b3ad368cce469ca517224d794e4a616f6bd1bdb5df82abf63f9903d677fcef84587ec411327d396ea1bab318b28cf7eb39a2b13487a44612f20177cdbd0c7f196d78cae9d448c5390b598d64d3ff995e2b4c7b3cbce997a527888", 0x78}], 0x1, &(0x7f0000001080)}], 0x1, 0x4010) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x5, 0x9, 0x0, 0x0, 0x5, 0x7ff00000000000, 0x1, 0x1, 0x5, 0xe21}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) perf_event_open(&(0x7f0000000440)={0x3, 0x70, 0x6, 0x7, 0x4, 0x7, 0x0, 0x7, 0x1000, 0x4, 0x10001, 0x3, 0x2, 0xe2, 0x2, 0x4, 0x0, 0x9, 0x3, 0xffff, 0x82, 0x41e, 0x171, 0x4, 0xb0, 0x9, 0x1488, 0x8, 0x3, 0x7, 0xfffffffffffffffb, 0x9, 0x80000001, 0x81, 0xfc, 0xaa, 0x1, 0x3, 0x0, 0x1, 0x7, @perf_bp={&(0x7f0000000400), 0x4}, 0x80, 0x7, 0x2, 0x7, 0x3, 0xffff, 0x3ff}, r2, 0xa, r0, 0x0) 05:59:30 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x10000000000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 567.292141] *** Guest State *** [ 567.310150] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 567.320490] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:59:30 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x2, {{0x2, 0x0, @multicast2}}}, 0x356) r1 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0xca, 0x4000) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000200)) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000480)=ANY=[@ANYBLOB="6e61740000000000000000000000000000d42c5dc63e7d714100000000000000000000000000000000000000000000000000000000f5ffffff00000000000000000000000000000000000000000000000010000000000000000000000000000000a78d38d2c878863ac3a372ac36ca17ffe073bbdc4a41755c12e5e2cc51bfbf89b8f0294fca1c2fc18043bf17610c87a356ed16bbd789bed77d46c087701f38563e1296730494db1de9007bf1d96dd894b6f6d8a80cd8f9e0dd940cf8d74c94a2a87b5f4176d3a11c617e4d4041609848f7656c050c88a315880b32a3f018f67d51aeaeae7bbbd11348b4f2fad6503546cba86e0ad1b4ebaabfc3c39cc70b62ac95865421cf33c2399f8ec72ac45a5a47089b09f2b29d1c300bb79aa2488eb6681c6868b953385280e9f2ffcdc42db9b092d7df2d1a1efacc7e62efb80984bc6445995cd297db82e26306cf81832d6d76bf703f8a", @ANYPTR=&(0x7f00000017c0)=ANY=[@ANYBLOB="0000000000000000000000007b0200000000000002000000000000000000000000000000000000000000000000000000000000000000000000c202f3a2696f3e000000000000000000000000000000000000000037d0e2ffffff0000000000000400"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000640)={0x2, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @local}}}, 0x108) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0x40) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e20}}, 0x0, 0x7}, &(0x7f0000000100)=0x90) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000780)={r3, 0xe5, 0x139e, "eab608e03eab7690deebfde4584867db4a8fcaaa1a40e5a8b8f37b4cd27fa446b7d85753c678f1d774cd68f3c30b90c2f9e6b2b472b25b66e605fd63da672fd62439b9dca1bac384ff64e203d64e5b72655c6bb9ac8960e732e4e4fdbde98ffedda099d7d61b50ea70157aaf7ae5af8d4e845d91806384cbf0a8b2772c3b3154ad9f61e61a5c1964c86749c4b53c93e22bd7c7f873eb818c87bc15cf39c084525d0c43472ac1a3264f8745bd06e250a2b8e85fc71983c79d4f328d760395d88aa7116856d2e0388b14f3c4a5f61904948e4f5a8bb47bf58e5174347f7f82d477c1eec2af822dcc5c35918a56da0f98759336bbbb372c2b38a07c0ba73c0804ad151344cbcd6004e56eaa08286f9afc6dcd35c5483465fa14890d7811e4e7255056071d56b571cfe3c8826de7d21c9bcbfd7b16457a608b6e2a1b324b72f340ef8e021d7030c16a8c6a08b85f5321dd836554793a2d60648158523b78a7a9629dc3bd1963d85cabdc3b3eef2c4d4a116f9e3724b4334678fa83c7bb8763ac2faae34788a586e7ef96dd86c62c96c2b8979a1452bde9d8d816cfec23a6ae6ebe99aabe47f4f535db16be836459d5f569ed8e6c09d4ec13e5fc2d2b384faf2655baf9be4195ac3ec8153a86dfbcf1990c7dafd6f6eb8bbf791ebc44e67a3818905123a218e1b05301b20608c08c527dbbd076c4ffafda0cc1c62e8a14a47b6c286f6eb9570affbd59472215a1a9f443dbf7cfabacac304bd0274980f48284af1adb6f7cb6e98a661bae8a3060c34a8d8b7b04efc2d52271d635c679525dab8c98551ca56e3e1f753717db8968b8590caa22ddd8aacd9369838cda90487aad9029c83a6d35b8e5a3f0426c553693c00e85ad2d8e6733a4bd0464d0b68bc1abf190c947f58bea2d241dedc7ebbb7e93f46f289095fcfb58e24dd59cdbeaa093c699dcd053f1f478ac5dd77ab1eff9f50ae124f51677f37e561d0dfaa280224365f4478d2843dff03cfe5512a7dab2355fb3a43e564fc2f8310ab9beecfe0bf722edb91c10bd1147a423418506099cb7ccfabb29ea9a8ccd31df886e1bd7f94dd7d019ddba0c29707d33104d74481b86cc0fe057cd80708dc65aa97ab08ba53fcccd830938027e8c68d7e51a0e25eb9b8943a82aca086a6580f46d22beb0df451e044c6ac79e4403eece0bc651d02d6d44022c8bd860a56a4badd793e630a5c15ebabf3522a4772d984ef136e2b9b714aafdf6fdffb5691de0b87950e5671b7be65fdbb44be41da573a1cde63e9d5ede47bd8e455e3a064ab8934709f9372d72d4e4fd2bad052cbcc36eb8dd543a3dc2714afe314a8e1e54dc2db52ab62996a358a8a4e10f7950502933584ceacfcd6c54d5927fb2dd77266836811cce2f3e5f640996ecc7fcd6a9e7c8e740841995ceafba87ce6fcea6e91fbbf32ea8adb70a7665a57a70df90c1a8479d0bd275adefb6c55f85e68ef83d557a603c85c3f841dc87089f99632dae56dc952f596c7c3e4b497c5900238e3e0586942901895e032bda674b43acb8bd6632fb75e34b035c01ef7a116a767951c5b4fd96dbf54b9995b471e5e2e36062c492d0ec359024e99d568a6ae1ced4c3febf98712b653e662e856d73b3e940cf388e42aab0a9b2a8066263ca7720078f7ba86747399c49ea769cda33b39d5a7b81cf6ed171b2903a1cf6c1d6d57a99964050484925cee8ceeb39846c660274c1441f9a0b6149eaa52805d63349431e0e558d040fd7ab7bbffd1e1d870b9c0a9b4356fe6dd84cc332ce8d9a2be8c355b8f7bd64c32a25ac5b678c8bdbbf64465347f735a41ea2a2c2ec9a5bbbf2645de6deb542408bf4b813e3fe5387c9c67e343bab8d071638f857f480c55eee5b5c5fb80f9b812e65649f2c05668d17116b3262470c9b329d402afee70352e5d079ea9defa0164cdc98da2d1acd341d93e6f784d50271def67c17a8760c3f66527127bd6d0d8077dbcff1b6205fc26c605a3c9be3daa7971701c7aad7b0377c1e4ec0c4a6b1005b90eed1ac53cc2a69bc23f65d876fb818660a8deda328b2935807a629596355011773eef5dc2be37b4da831e531872b03dde392cbe2368421d020547abe7080737cc4d10404b9211867e892af237442ac358ac27d8b637bc211e7c22f8b5ff8a405bf9716ccb84831157f1826af9bb9fe68e71da566bed66adeb82381fd22ebceb545fa6b917c6a3442b4871937022c0f59610ce8757d056540ece76bbcc75b3755975d618b6c8d5bc4054327a04f209bc3341359b4d4d55bbefb8aed5575b448eaa8b790a3617431759121323bfa738bf9cb4fa08ca0b3c316d03c72e5128835d637589fb115a5a29400c703529d66ecf41a1b3a337a60e6fb9e60c32f0ddb30f51a2da21122f4e334dbb5f2bf1b944c5eecf0c0276436a0e20de8ab5a1d4aae64ff9f425e890a95f4bbcc38fa4599e5260010447f460db24f11a6f17da3b291414412183856ea6d62a059e2bc6920292525cb3367ce304220f6633b176baddef620015f57bf16181c8d69929d5cd1aa353fdb8dd8a38dc3caabbf696ff9c187e736d2562ad225d9dea0fd421c098335b85a6eff42c4c5ad535009141d46dad88a195f2b05fc88a26fdc2f3d6a2aa0a8fa8766eafcb65550b07cfc018c647945471e9ba0e5909339a112438223f99357ebad9451eb5e53d88f5b70d7747b8667430daf4df3146979424b0ce700ec28c02e2e2cd9650f0401fef3b9d69fd4cbcc50934621a0c09172512d00a7cfca4078711f1815a56408c45d1f78a493d66871e4391a0a8d5c82ca87da92beaeccfc402a7ca8164e9def5d061b793a467abd74b417b730a442b36d0d8cac8acb253bca9309efe9c970d208bb2264ff93bdc4b018f6d11e009238ec661653ebaad08314e8840ea48709526f20c2b7c2f5f35de91e2434b8b9bc1edb6bfc91f1f09bfc9f6a7901b58daef4f5f9321abcb29d7c00fa8a5f72b964dd2d96e5ff2d895ff30f624d96eb8e81be9a89320bba9c62cea567919e32a244e86bd0c9a3ab9c4562e12c65c4025fbbfb72f2c49440a40fc8489ce51925cd5693968c1675a8d9a18adfc950f524cbf979aa6529b7c8af5c247e588b90b746f26bc906421b5a25bf6f8e0064edfbf5761b506edc1b561d84132b2028b0bc761a957d567e52b39e0661623d34d9a6aa411f999bc44c77d03602d378831b592cf43f835ecd1fcbd8ac67b28ed051ebaa0529ae0c6d50dc98a75530e4c0ab010cbd5407e47115241a2809229d09b7f98336321bfa4fc2ae09f57ee71388c66c2d929f472aedfbb1088fd883e92e68b4ffc76e6dec12ed0e95a32d3de37c923a0b781b56955215d625d3c7a225c5bdc641eaa7fd23fa201798373ee93063adedaaa599db27f2c4a9166e0c03e5431f76d53007b317903213a45ecd4918ffbceed58494d912f007b04a274581a30ae55cea9303e6e6962b92eeb37a15f9287bfa20549be986956721f34f041e06be768c6d9b431c460243a7be9f04b7ad9c05d38c88b0bd62b15e3f50b1dbfed8b57a9b1bcaf224d9c755c62f256ea56fec82cdba14ba61e4a7ac4c64f9f73001a45c806930f53e7717a4bea0a479b745d5f1f2ac3c777adc0d151fa7d81fc650fdd551651482b1265d15a8fa8299ee5bb81445550601baf58d0e707a0536a963bc9f140a1defa662a428412bc5038d9aa15f0df7b3347bfa999db933d06dc046d3665babdd80d779fa51a994e984e099f7e4bd5979d70d1377e5cbe71b4b276d3e0835f7fd14ba9ddfb5ba9c74572a281afbd933f40b73afa88222afa0fd38c31ab4499cca7a8e0c2cacba4dc7273f0b027c9fc0c7c09acce6c3b4f2e2c3dc638f140a7bdfee251b914f0483c1f56cb0a4f019d0560714e5eaaee0ed2181311c729e648e87fba382f6f2024f18fa78e4f2da48f1ae607e3a4e6f2f68ba0537f664104dc634be208b9c705ba989774fbc925ba372d5f9fb809271ca7d10327a1c33d1e669c78de556f86333a4ba0340ef00b94c6bfa91d9307811b4ae5be4d623355ebe8675a09c7e4205dea67dd8ae2d7e16cb084aa04d73816f00ee9278925dec8d0a12206241e94a75356089005180f1d47319ffe464488e1e6cd19d0c22e951f068f48b95d25cd625eec066035faf33ab35c796443fa89990bd4a74f8415990cefaa0a162f8869db717c6dcdee1b55554c0c1b72010e02103d18e15694c05c8c9be8a67c4e494ecfd5beb31cbf440107cbeaf15ba1618e03a667290c5dab0d01bc64ad8091ea418fd533fba6b9931d86074e923600d9389a73c2a94999d83c94ec4dcf595471565e15ee3e2cffe60725f31a2621d44b5f3bd63abada77d0e331ec93fb6f140fdc439306982c7e01621065d6f1a85ef97b438b3e480b9dcf5699cd4175d1f6ba0863f40d91d0154c3a50219d341d785442a8f6ad89eadda528aff7ffbfe881765183f10a4684abd674edf3947899a3e4eff6a1c0e8050514f564239879cb10bc25e3618ef6b8c68dafd96466ff5468a606a46a0f4f610671b4e48b652b73ca7e3d0dabc834d0193e3b99ec6add51d5c912356ebe7339c25b41bb1ff9d428f9a0a32cb97bb13f50344ea8622376175d85b79b8e57736583833494674bbc4d058f5cd9bd7dbc9baeef5abaa4ebb554cb8c6273bacf43cf22fb3e522fd3e63b16d3a3f44f50451d3a5a000690f8c9c8f612dd81ad340a7bf338d747cdb11908739d605f74025a11a5822ff4cef1f46cad62aaca42751eab3e452b58695e46abd07e689b787cbdff89dcfd0b28d8378dc5ab910b5a7fadf54f7b8d4f3c94e91616321b48638f350ee6a6dad2d7154f5f909a9d6e2bd20d7e266f138354801d46ff137b2320ed711c03f5209a3ae331975e184d312e574d342af9d39bc1cbb0f91c4cd6649ed1dcda43de531195101f304b02853d0c94ffbdf5f8070c3b1e60f1707a60759b674e8851d17888ecaff82a7d728299e9c35c736de5434527aaecc34d1ae8068784b7a95086bdf7e0d0b000378f1858be54bd40b147ec4a64bf01d4ed2567d3e0188d21da88408a6e4b55f73928f3e11d20a6d9ed96e69bef3765081234e2a3406040b9c00440a322cf1cba69f1a116c6ad0eb7cca293dc696c728646fef27ffe4e2bd84e4bcb3296fb8457850908dc6e11b657c7c671d958e8319bff1c09a6e998acaddb5691806952b6bd61756de1732e69bcefc9d8b776c284635f7cde3074b3fe8b8f888f896a46386c306a56f65178f90eeb6a9eeddba0b53841567c313ec02762805549f538f5e9394d5ef5dd0228bcba8f7c8e4b1154f8a0b69c96864753199b947ae5fa90a3b814e650610246737c43ad47359c11667b18d69355e428d08c12f11dbea7ac170f457943cf4215c6f5ce1b157b496d1c448a7e748cc420e334d67eecd1d8a54200e79e0f6ac69253425f7d2c33608432744f97dc55ad6cce6ff71e2c3f48bf555ec29dc9d0710ac3c5d44cf498a7eeef0c1239b6cb5e848348bd97175d38c81ec14e12b962ad4f320d5ec38cadfb067d26ab2b28fd583ca33ef0a1c7cd02c212a127beccada6eaf4049fd6b29e6f31726b2a5ad1c4d1f3dd300f3f1fbea7b96b2f21d5fa4720a5936f3cc0aad0e8d7a0f208eaa905df731f6882dbd875b7c6132e7ad3d261d6b0ecb576ee1da4868a121bff6b58a7595c4727a3615a5f556060b4993b440ab25844c1300ab7fe3a8abdfaa728617391ffb79f8048cdd1608f52fdc92123c4844b7614a71cd4a970736d101b825fb86e23f29149ac7e3710597c4c9"}, 0x1008) ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x2) setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f0000000340)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast1}}}, 0x108) [ 567.339479] CR3 = 0x0000000000000000 [ 567.346965] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 567.380696] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:30 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x140, 0x0) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f0000000040)) r1 = syz_open_dev$video(&(0x7f0000000340)='/dev/video#\x00', 0x7fffffff, 0x0) ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000080)={0x1, 0x0, @raw_data}) [ 567.419296] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 567.440222] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 567.457427] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:30 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x100000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 567.473989] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 567.516011] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 567.538582] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 567.549739] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 567.558108] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 567.566425] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 567.575497] IDTR: limit=0x00000000, base=0x0000000000000000 [ 567.584310] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 567.593471] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 567.600264] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 567.607732] Interruptibility = 00000000 ActivityState = 00000000 [ 567.607738] *** Host State *** [ 567.607751] RIP = 0xffffffff8120427e RSP = 0xffff88017fd87390 [ 567.607775] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 567.607786] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 567.607798] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 567.643602] CR0=0000000080050033 CR3=00000001cae9d000 CR4=00000000001426f0 [ 567.650693] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 567.657375] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 567.663474] *** Control State *** [ 567.666930] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 567.673849] EntryControls=0000d1ff ExitControls=002fefff [ 567.679371] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 567.686377] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 567.693076] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 567.699666] reason=80000021 qualification=0000000000000000 [ 567.706646] IDTVectoring: info=00000000 errcode=00000000 [ 567.712171] TSC Offset = 0xfffffecdea912532 [ 567.716492] EPT pointer = 0x00000001d5f1001e 05:59:31 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x100000000000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:31 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x101) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x3407a, 0x200000000000000}, 0xc, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="180300000004000000"], 0xac}}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) 05:59:31 executing program 1: unshare(0x400) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = request_key(&(0x7f0000000100)='pkcs7_test\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='-em0\x00', 0xfffffffffffffffd) r2 = request_key(&(0x7f00000001c0)='trusted\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='\\\x00', 0xfffffffffffffffe) r3 = request_key(&(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000300)='\'\x00', 0xfffffffffffffff9) keyctl$dh_compute(0x17, &(0x7f0000000340)={r1, r2, r3}, &(0x7f0000000380)=""/77, 0x4d, &(0x7f0000000440)={&(0x7f0000000400)={'sha1-generic\x00'}}) fallocate(r0, 0x0, 0x5, 0x4fc) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000000)=0x1a4d) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f00000000c0)=0x4) 05:59:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x800000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x4020940d, 0x0) 05:59:31 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:31 executing program 1: getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001900)={0x0, @rand_addr, @local}, &(0x7f00000003c0)=0xc) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x1) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-ssse3\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendto(r2, &(0x7f00005c8f58), 0xfffffffffffffeee, 0x0, &(0x7f0000351ff0)=@ipx={0x4, 0x0, 0x0, "a074edebb7e1"}, 0x10) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000005c0)={0x0, 0x1}, &(0x7f0000001600)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000004cc0)={r4, 0x100000000}, &(0x7f0000004d00)=0x8) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000004c40)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000060164,user_id=', @ANYRESDEC=0x0, @ANYBLOB="43a0fe7567705fff34ad000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) recvmmsg(r1, &(0x7f0000004940)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/217, 0xd9}, {&(0x7f0000000600)=""/217, 0xd9}], 0x2, 0x0, 0x0, 0xfffffffffffffff9}, 0x80000000}, {{&(0x7f0000000240)=@ethernet, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000700)=""/181, 0xb5}], 0x1, 0x0, 0x0, 0x1f}, 0x4dc63369}, {{&(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000000bc0)=[{&(0x7f00000002c0)=""/16, 0x10}, {&(0x7f00000007c0)=""/196, 0xc4}, {&(0x7f0000000500)=""/49, 0x31}, {&(0x7f00000008c0)=""/241, 0xf1}, {&(0x7f00000009c0)=""/248, 0xf8}, {&(0x7f0000000ac0)=""/180, 0xb4}, {&(0x7f0000000540)=""/36, 0x24}, {&(0x7f0000000b80)=""/32, 0x20}], 0x8, &(0x7f0000000c40)=""/91, 0x5b, 0x9}, 0x5}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000cc0)=""/100, 0x64}, {&(0x7f0000000d40)=""/146, 0x92}, {&(0x7f0000000e00)=""/27, 0x1b}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x4, &(0x7f0000000e80)=""/184, 0xb8, 0xc693}, 0xffffffffffff03ff}, {{&(0x7f0000000f40)=@alg, 0x80, &(0x7f0000001180)=[{&(0x7f0000000fc0)=""/48, 0x30}, {&(0x7f0000001000)=""/148, 0x94}, {&(0x7f00000010c0)=""/41, 0x29}, {&(0x7f0000001100)=""/89, 0x59}], 0x4, &(0x7f00000011c0)=""/12, 0xc, 0xfffffffffffffffc}, 0x1}, {{&(0x7f0000001200)=@sco, 0x80, &(0x7f0000001440)=[{&(0x7f0000001280)=""/180, 0xb4}, {&(0x7f0000001340)=""/232, 0xe8}], 0x2, &(0x7f0000001480)=""/242, 0xf2, 0x6}, 0x2d0}, {{&(0x7f0000001580)=@sco, 0x80, &(0x7f0000001600), 0x0, &(0x7f0000002940)=""/4096, 0x1000, 0x9}, 0x7fff}, {{&(0x7f0000001640)=@xdp, 0x80, &(0x7f0000001800)=[{&(0x7f0000003940)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/97, 0x61}, {&(0x7f0000001740)=""/148, 0x94}], 0x3, &(0x7f0000001840)=""/90, 0x5a, 0x4}, 0x7}], 0x8, 0x10000, &(0x7f00000018c0)={0x77359400}) setsockopt$inet_buf(r6, 0x0, 0x2f, &(0x7f0000004b40)="106ab3dc010b21e69366f88d6bf0b8729e1ee7594fbf498295cf738b68dc9fc55cd942121b6142038e5fec333a6aae24bf151d553ff54d27b5aae8ce16d10b40c7b20cb802b44b0e81a6455f3d228c84479ec207e1a82644814c8f9bc0399a6cf10e36f9b5980078c183f9bc0bec2cf1c7a996bc7cab2e4396eec2f8d18bde79483e6957966dca01aaf9bfe02c21ddee93949d8d5004266ed49fc0393c36d120533ce92879ec273052160686006de890574c0e8b56352bb78c606ebb0f51f1a0bcde6d06db391a697910a3c883d16cea2d0a5c75b98c86f43a2612cd4952ef9ac05b8e030cfe591e4d6fc46b82d4", 0xee) creat(&(0x7f0000000040)='./file0\x00', 0x190) r7 = fcntl$getown(r0, 0x9) ptrace$setopts(0x4206, r7, 0xfffffffffffffbfc, 0x8) [ 568.221901] *** Guest State *** [ 568.229645] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 568.248152] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 568.259195] CR3 = 0x0000000000000000 [ 568.266237] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 05:59:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x200000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:31 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x2080) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000080)) r1 = socket(0x10, 0x2, 0x6) r2 = accept4$unix(r1, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e, 0x80800) ioctl$LOOP_SET_FD(r0, 0x4c00, r2) syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') [ 568.273470] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 568.279664] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 568.287178] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.295638] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.330332] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 568.352039] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.393321] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.412860] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.422062] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 568.435301] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 568.443726] IDTR: limit=0x00000000, base=0x0000000000000000 [ 568.453203] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 568.461587] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 568.468335] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 568.484602] Interruptibility = 00000000 ActivityState = 00000000 05:59:31 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x200000001, 0x1, 0x2000000000000009, 0x1}, 0x2c) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000180), 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x18, 0x5}}, &(0x7f0000000200)=""/91, 0x1a, 0x5b}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000180), &(0x7f0000000400)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r0, 0x0, &(0x7f0000000000)=""/108}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'team_slave_1\x00', 0x4}, 0x18) readahead(r1, 0xfde, 0x20) 05:59:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffe0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 568.498512] *** Host State *** [ 568.503023] RIP = 0xffffffff8120427e RSP = 0xffff88018803f390 [ 568.531013] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 568.558936] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 05:59:31 executing program 2: memfd_create(&(0x7f0000000100)='/dev/video#\x00', 0x6) r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x6287, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0x3, @win={{}, 0x0, 0x0, &(0x7f00000000c0)={{}, &(0x7f0000000080)={{}, &(0x7f0000000000)}}, 0x2, &(0x7f0000000100)}}) [ 568.602868] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 568.648493] CR0=0000000080050033 CR3=00000001c7ab3000 CR4=00000000001426e0 [ 568.691228] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 568.724964] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 568.749185] *** Control State *** [ 568.760988] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 568.800078] EntryControls=0000d1ff ExitControls=002fefff [ 568.818131] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 568.835517] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 568.842716] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 568.849454] reason=80000021 qualification=0000000000000000 [ 568.856293] IDTVectoring: info=00000000 errcode=00000000 [ 568.862462] TSC Offset = 0xfffffecd66e51c01 [ 568.866948] EPT pointer = 0x00000001c5b4501e 05:59:31 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xe00000000000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x3f00, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:31 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000001000)=[{&(0x7f00000000c0)="df032783dc5d019de142676dee10e2694c37e067d62f643c481f48a75d7709d6c5", 0x21}], 0x1, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000004c0)=""/246) ioctl$EVIOCGREP(r0, 0x4010744d, &(0x7f0000001000)=""/174) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0x0, 0x0, 0xffffffff7fffffff, [], &(0x7f0000000080)={0x9d0bff, 0x40, [], @string=&(0x7f0000000040)=0x7}}) 05:59:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 05:59:32 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531fdfdffff00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:32 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x235, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x13) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1, 0x2}}, 0xffffffff, 0xf79}, &(0x7f00000004c0)=0x90) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000100)=0x8b89d10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) r2 = socket(0x1e, 0x805, 0x0) r3 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) r4 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000280)=@req3={0x80000000, 0x1}, 0x1c) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94) sendmsg(r2, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d09e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f0000000480), 0x0, &(0x7f00006e9c68)}, 0x0) shmget(0x0, 0x1000, 0x80, &(0x7f0000bfa000/0x1000)=nil) shmget(0x1, 0x3000, 0x8, &(0x7f0000c73000/0x3000)=nil) 05:59:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x500000000000000) 05:59:32 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000100)={0x3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @link_local}]}) ioctl(r0, 0x20000000008912, &(0x7f0000000400)="0a5c2d0240316285717070") fchdir(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0x100a}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {&(0x7f0000000140), 0x2, {0xa, 0x4e21, 0xc7, @local}, r2}}, 0x38) r3 = socket$netlink(0x10, 0x3, 0x0) dup(r3) syz_open_dev$sndpcmc(&(0x7f00000002c0)='/dev/snd/pcmC#D#c\x00', 0x8001, 0x40000) ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, &(0x7f0000000240)={0xc5b, "0f29d603f9558727eb423b4d491d921c4f468aff801ee47eddd378e13955e70c", 0x1, 0x5, 0x0, 0xffffff, 0xe}) write(r3, &(0x7f00000000c0)="2200000020001f0700be0000090007010200001e00003c0000fb0404050016008000", 0x22) 05:59:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x4000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x1000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 569.440257] *** Guest State *** [ 569.457022] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 05:59:32 executing program 2: r0 = eventfd(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f00000002c0)) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000080)={r0, 0x1}) r4 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)="c05d931ccaf0a14b43815e28a66ba6f21ce1ee354ebf785f4844a380513f4e5d7d23d0a86948c514d355bf4352291aacda7543050946bf0c8199465cb3b1cefb00da061b4b4418c7a348150287c1c912b91615753a251548a6999555573467b325f46ddde0574f74d828229d5f4ddac8ef22ca438daddc217e7d52e71d3aeaff76e3cec38bdde58715e6a2c46331c54605eecedf00e73213c3d042d346a7c598e5c710d34073c6f76373dfe489c02ff7e39f2237c0afdc7948fd18ca59fdc30bf9e83c6a3c6683e46e555952f4ec5a97113c7b56912d12e65912d5fcd57a853f6f8b136bcb006176", 0xe8, 0xfffffffffffffffc) keyctl$set_timeout(0xf, r4, 0x8) r5 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000000)={r5}) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f00000000c0)={r5, 0x0, 0x2, r6}) [ 569.502529] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 569.551783] CR3 = 0x0000000000000000 [ 569.559179] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 05:59:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffffffffffffffe0, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 569.595087] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 569.603531] irq bypass consumer (token 000000002159fc68) registration fails: -16 [ 569.617408] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 569.645986] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.678089] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.700016] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 569.708520] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.717016] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.725455] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.743929] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 569.757602] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 569.766137] IDTR: limit=0x00000000, base=0x0000000000000000 [ 569.774739] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 569.799426] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 569.813820] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 569.823305] Interruptibility = 00000000 ActivityState = 00000000 [ 569.831874] *** Host State *** [ 569.842180] RIP = 0xffffffff8120427e RSP = 0xffff8801cd997390 [ 569.856341] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 569.868566] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 569.878157] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 569.884595] CR0=0000000080050033 CR3=00000001cc09b000 CR4=00000000001426f0 [ 569.892222] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 569.899101] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 569.905990] *** Control State *** [ 569.909665] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 569.940010] EntryControls=0000d1ff ExitControls=002fefff [ 569.945820] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 05:59:32 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x3f00000000000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:32 executing program 2: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0xffffffffffffff9c}, 0x10) pwrite64(r0, &(0x7f0000000280)="b9b8aaaeb790753de72bf4e28b9c702c8330c24a77e65565ebf5bb3156ee0fbff00ceb2852422bd9d63c7b7f41abdba029b603a3011490792164092ad8209ad32ae8811f897c1dba0fd3db11c55f0819b17868d7ab649326711fececa5d100943523dbfeabb3c37c6e094eea9ebdfcb1c8d945adc3c5373ab2bc1952150faa585dd578961e114891af72919b5647cc794e996117652187896220f1911272e1e66b1d54f01a2109c54fd79cbefa9e5756bc3827f79cdf130d7ebcbb046890781e6bb2a4cf5a20b9fb02c7e197d7635933f7ce1d0ef52c53ca5e5a4c6b6dce631becf02f67373210fed2f0ed9fe530053c02b67ea72f37f0730b93f7d68c", 0xfd, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000380)={&(0x7f00000000c0)={0x14, 0x1d, 0xffffffff0000000d, 0x0, 0x0, {0x7592da1f}}, 0x14}}, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000100)={0x29, 0x6, 0x0, {0x2, 0x5, 0x63}}, 0x29) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000140)) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r2, 0x2) readlinkat(r2, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=""/25, 0x19) 05:59:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0xffffffffffff0700, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x6000000) [ 569.953106] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 569.960259] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 569.967104] reason=80000021 qualification=0000000000000000 [ 569.974596] IDTVectoring: info=00000000 errcode=00000000 [ 569.980407] TSC Offset = 0xfffffeccc73a3648 [ 569.985043] EPT pointer = 0x00000001bff1401e 05:59:32 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "7175657565310000000100"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 570.167036] *** Guest State *** [ 570.173138] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 570.182818] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 570.192196] CR3 = 0x0000000000000000 [ 570.196134] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 570.202866] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:33 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_drvinfo={0x3, "0e66753aa60d13629b82678d452eb7ec9418e8322f266da77615de2ab1782f36", "f74e217a51cb15e87060947924cb159dd474ed157db18c20fce5b308eb7ee1fa", "a108c34579fee5505f1b036912379d73016252296e525d333afbec9f10da3947", "a7159e6653ede64639a2daae255319b65a2fcebc904e2007ff0c7aeccc508385", "129fc486d908732abde0d8e66c186cc45b2e21067906081a7feaac5a71a9cc64", "9c7b611b74d91f650f151703"}}) r1 = dup(r0) getsockopt$inet_tcp_buf(r1, 0x6, 0xe, &(0x7f00000002c0)=""/4096, &(0x7f00000000c0)=0x1000) fcntl$setpipe(r0, 0x407, 0x9) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000080)={'erspan0\x00', {0x2, 0x4e20, @remote}}) 05:59:33 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x235, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x13) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1, 0x2}}, 0xffffffff, 0xf79}, &(0x7f00000004c0)=0x90) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000100)=0x8b89d10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) r2 = socket(0x1e, 0x805, 0x0) r3 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) r4 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000280)=@req3={0x80000000, 0x1}, 0x1c) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94) sendmsg(r2, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d09e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f0000000480), 0x0, &(0x7f00006e9c68)}, 0x0) shmget(0x0, 0x1000, 0x80, &(0x7f0000bfa000/0x1000)=nil) shmget(0x1, 0x3000, 0x8, &(0x7f0000c73000/0x3000)=nil) 05:59:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x10000000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 570.250709] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 570.261062] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.286311] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.315212] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 570.324275] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.332948] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.341732] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.350272] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 570.359101] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 570.368439] IDTR: limit=0x00000000, base=0x0000000000000000 05:59:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x802, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000080)={0x0, 0x4004400}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000480)={0x0, 0x235, 0xfa00, {0x4, &(0x7f0000000440)}}, 0x13) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cuse\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1, 0x2}}, 0xffffffff, 0xf79}, &(0x7f00000004c0)=0x90) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000100)=0x8b89d10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) r2 = socket(0x1e, 0x805, 0x0) r3 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) r4 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000280)=@req3={0x80000000, 0x1}, 0x1c) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2, 0x3ff}, 0x94) sendmsg(r2, &(0x7f0000030000)={&(0x7f00004f5000)=@generic={0x10000000001e, "0100000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d09e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f0000000480), 0x0, &(0x7f00006e9c68)}, 0x0) shmget(0x0, 0x1000, 0x80, &(0x7f0000bfa000/0x1000)=nil) shmget(0x1, 0x3000, 0x8, &(0x7f0000c73000/0x3000)=nil) 05:59:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x2000, &(0x7f00000002c0)}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 570.463282] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 570.497197] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 570.535238] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 570.610825] Interruptibility = 00000000 ActivityState = 00000000 [ 570.669381] *** Host State *** [ 570.692798] RIP = 0xffffffff8120427e RSP = 0xffff880185bdf390 05:59:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 570.738432] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 570.776220] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 570.815425] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 570.829119] CR0=0000000080050033 CR3=00000001bb14e000 CR4=00000000001426f0 [ 570.852020] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 570.875109] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 570.911845] *** Control State *** 05:59:33 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x4000000000000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 570.929675] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:59:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x200000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 570.973873] EntryControls=0000d1ff ExitControls=002fefff [ 571.005694] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 571.054400] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 571.084741] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 05:59:34 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "7175657565310000001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 571.115294] reason=80000021 qualification=0000000000000000 [ 571.175699] IDTVectoring: info=00000000 errcode=00000000 [ 571.206806] TSC Offset = 0xfffffecc5dea24ad 05:59:34 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mkdir(&(0x7f0000000180)='./control\x00', 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vsock\x00', 0x200000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) socket$inet6(0xa, 0x20800a2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x3, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x13f}}, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1f) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000880)={@un=@abs={0x1, 0x0, 0x4e21}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) accept4$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14, 0x80000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', r1}) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x64ca1839, 0x0, 0x8001, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x20, 0x4, 0x7f, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffd5c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8026, 0x0, 0x0, 0x1, 0x7, 0xfffffffffffffff8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), &(0x7f0000000080)=0x4) close(0xffffffffffffffff) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x3, @remote, 0x8d}, 0x1c) [ 571.234904] EPT pointer = 0x00000001bea2c01e 05:59:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x2000000000000000) 05:59:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x3f00000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000100), 0x4) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f00000005c0)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000600), 0x0) ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000080)) wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)=ANY=[@ANYBLOB="2efbd86b4e94bc4c3a8099f0b6ff6769ab87d541f9c0f06c2588bc7394969dd18ba84c4d2155807c83da55b0462cb5577e50250b61f245d8421be0b1405f6da28a2c19ebfc41057a52416ac4868d5415a0f79b52c268a2f6bcbda9513ef8a2635e20c48263d70fb0f1c228895be70936fd6d07"]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000100)={[], 0x7a, 0x5531fee, 0xffffffff, 0x0, 0x9, 0xf000, 0x1d000, [], 0x5}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, r3, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f0000000480)="660f38816b0066baf80cb8509b4186ef66bafc0cb87a5b0000ef400f09440f20c0350d000000440f22c0b991000040b8e4dd0000ba000000000f30b9800000c00f3235002000000f3066450f083ef2650f01c90f01d1c7442400d3000000c7442402e4000000c7442406000000000f011424", 0x72}], 0x1, 0x0, &(0x7f0000000200), 0x0) [ 571.393720] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 571.414015] *** Guest State *** [ 571.417447] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 05:59:34 executing program 1: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mkdir(&(0x7f0000000180)='./control\x00', 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vsock\x00', 0x200000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) socket$inet6(0xa, 0x20800a2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x3, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0), 0x13f}}, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1f) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000880)={@un=@abs={0x1, 0x0, 0x4e21}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) accept4$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14, 0x80000) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', r1}) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x64ca1839, 0x0, 0x8001, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x20, 0x4, 0x7f, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffd5c2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x8}, 0x8026, 0x0, 0x0, 0x1, 0x7, 0xfffffffffffffff8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), &(0x7f0000000080)=0x4) close(0xffffffffffffffff) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r2 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x3, @remote, 0x8d}, 0x1c) 05:59:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x800000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 571.450765] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 571.485503] CR3 = 0x0000000000000000 [ 571.499243] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 571.505517] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 571.514336] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 571.521945] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.531841] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.561535] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 571.579493] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.600164] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? 05:59:34 executing program 1: r0 = creat(&(0x7f0000000000)='./file0\x00', 0xfffffffffffffffb) mkdir(&(0x7f0000000100)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file1/file0\x00') rename(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000280)='./file2\x00') 05:59:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x600000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 571.609955] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.669737] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.682608] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 571.710409] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 571.737754] IDTR: limit=0x00000000, base=0x0000000000000000 [ 571.750247] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 571.779061] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 571.804706] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 05:59:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x40000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 571.830684] Interruptibility = 00000000 ActivityState = 00000000 [ 571.855050] *** Host State *** [ 571.866422] RIP = 0xffffffff8120427e RSP = 0xffff88017e94f390 05:59:34 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x40000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 571.904917] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 571.953643] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 05:59:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffffffe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 572.015187] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 572.048285] CR0=0000000080050033 CR3=00000001cb2b6000 CR4=00000000001426e0 [ 572.109755] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 572.143759] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 572.149982] *** Control State *** [ 572.153515] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:59:35 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00?\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 572.160567] EntryControls=0000d1ff ExitControls=002fefff [ 572.180014] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 572.187636] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 572.194505] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 572.205703] reason=80000021 qualification=0000000000000000 [ 572.218146] IDTVectoring: info=00000000 errcode=00000000 [ 572.227138] TSC Offset = 0xfffffecbb68079be [ 572.238465] EPT pointer = 0x00000001c592f01e 05:59:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x3000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0xffffff7f00000000) 05:59:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000400)) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f00005a1000)={0xfffffffffffffffd}, &(0x7f00000003c0), &(0x7f0000000180)={0x77359400}, 0xffffffffffffff73) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100)={0x0, 0x1}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)={r1, 0x1, 0x4, [0x100, 0x100000000, 0xfffffffffffff000, 0x8]}, &(0x7f0000000200)=0x10) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000040)={'filter\x00'}, &(0x7f00000000c0)=0x44) sendmsg$key(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f0000000240)=ANY=[@ANYBLOB="020f0000150000000000000000000001010018000000000008001200000003000000000000000000060000000000000000000000000000000000000000000000000000000000ca908b54524fdc1f0000000002000000000105000500000000000a0000000000000000000000000000000000ffffac141400000000000000000005000600000000000a00000000000000fe8000000000000000000000000000ff00000000000000002d01fa3c8c6968ca74b435cae67523046a28e19ea641344b8f578c2c87d5b70b5eecf62182de95c229272513860c475ac03c73502af4a69600095bd7b708bb9ceb9832b436f805540d453ba6d9097a104d869e9dd5328dbdd46ce21a22836e521dc37d8d3030fb4f5a2de14647c5597e146ce41e29db17ba8cedbdb566693e1daa5ee219c380ddc200"], 0xa8}}, 0x0) 05:59:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000780)={0x2}) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000100), 0x4) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f00000005c0)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000600), 0x0) ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f0000000080)) wait4(0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, &(0x7f0000c97ff8)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000002c0)=ANY=[@ANYBLOB="2efbd86b4e94bc4c3a8099f0b6ff6769ab87d541f9c0f06c2588bc7394969dd18ba84c4d2155807c83da55b0462cb5577e50250b61f245d8421be0b1405f6da28a2c19ebfc41057a52416ac4868d5415a0f79b52c268a2f6bcbda9513ef8a2635e20c48263d70fb0f1c228895be70936fd6d07"]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000d7c000)) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000100)={[], 0x7a, 0x5531fee, 0xffffffff, 0x0, 0x9, 0xf000, 0x1d000, [], 0x5}) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e73000/0x2000)=nil, 0x2000, 0x0, 0x8031, r3, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000500)=[@text64={0x40, &(0x7f0000000480)="660f38816b0066baf80cb8509b4186ef66bafc0cb87a5b0000ef400f09440f20c0350d000000440f22c0b991000040b8e4dd0000ba000000000f30b9800000c00f3235002000000f3066450f083ef2650f01c90f01d1c7442400d3000000c7442402e4000000c7442406000000000f011424", 0x72}], 0x1, 0x0, &(0x7f0000000200), 0x0) [ 572.440230] *** Guest State *** [ 572.443766] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 572.469240] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 05:59:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x300}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 572.500016] CR3 = 0x0000000000000000 [ 572.512105] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 572.530796] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 572.550478] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 572.569043] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.578189] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.586847] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 05:59:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x408}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 572.616978] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.671740] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.713333] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.722747] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 572.731149] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 572.739305] IDTR: limit=0x00000000, base=0x0000000000000000 [ 572.747740] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 572.756116] EFER = 0x0000000000000000 PAT = 0x0007040600070406 05:59:35 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000140)={&(0x7f00003c7ff4), 0xc, &(0x7f00000bfff0)={&(0x7f0000000040)=ANY=[@ANYBLOB="b800dd00190001000000000000000000ff011200000000ef0500000000000001e000000101000000000000000081000000000000008000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x11f}}, 0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x2a, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0xa4ffffff]}}}, 0x0, 0x1fffffe}, 0x90) [ 572.762916] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 572.770720] Interruptibility = 00000000 ActivityState = 00000000 [ 572.777082] *** Host State *** [ 572.780745] RIP = 0xffffffff8120427e RSP = 0xffff88017e94f390 [ 572.787764] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 572.794589] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 572.802783] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 572.810090] CR0=0000000080050033 CR3=00000001ba8db000 CR4=00000000001426e0 [ 572.817249] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 572.828707] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 572.853795] *** Control State *** 05:59:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:35 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x1000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 572.862598] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 05:59:35 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000280), &(0x7f00000002c0)=0x4) r1 = socket(0x0, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="5a0204cb94ff7facf9adf0a2c4c72b062a6b6ad3e2e71344083223cd2e6edb53a8038564064491c969031387236f007ea1ea087423"], &(0x7f00000000c0)={0x1, 0x4, [0x461, 0x0, 0x525, 0x8f3]}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f00005befdc)) r3 = syz_open_pts(r2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r4, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000580)) setsockopt$inet_mreqsrc(r5, 0x0, 0x0, &(0x7f000001b000)={@multicast2, @loopback, @multicast1}, 0xc) r6 = syz_open_procfs(0x0, &(0x7f0000000200)='gid_map\x00') r7 = syz_open_procfs(0x0, &(0x7f0000000380)='projid_map\x00') ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x0, 0xfff}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f00000002c0)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}, &(0x7f0000000300)=0xc) sendfile(r7, r6, &(0x7f0000000040), 0x10001) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e24, 0x1, @remote, 0x285}}, [0x1, 0x8, 0x10001, 0xfffffffffffffff7, 0x7, 0x5, 0x25b3, 0x0, 0x3, 0x7e95, 0x84d, 0x3f, 0x0, 0x1, 0x5]}, &(0x7f0000000340)=0x100) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000540)=@assoc_value={r8, 0x4}, 0x8) read(r7, &(0x7f0000000100)=""/252, 0xfc) connect$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) get_thread_area(&(0x7f0000000000)={0x0, 0x20001000, 0x2400, 0x80000001, 0x0, 0x8, 0x0, 0xf9, 0x1, 0x80000000}) setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @loopback, @dev}, 0xc) ioctl$TIOCLINUX7(r6, 0x541c, &(0x7f0000000240)={0x7, 0x3d05}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000280)=0xe) ioctl$TCFLSH(r3, 0x540b, 0x0) recvmsg$kcm(r1, &(0x7f0000000d40)={&(0x7f0000000800)=@l2, 0x80, &(0x7f00000004c0)=[{&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000000040)=""/37, 0x25}, {&(0x7f0000000880)=""/236, 0xec}, {&(0x7f0000002600)=""/4096, 0x1000}, {&(0x7f0000000bc0)=""/5, 0x5}], 0x5, &(0x7f0000000cc0)=""/71, 0x47}, 0x40000100) [ 572.927447] EntryControls=0000d1ff ExitControls=002fefff [ 572.965968] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 573.019637] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 573.048392] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 573.055247] reason=80000021 qualification=0000000000000000 [ 573.061791] IDTVectoring: info=00000000 errcode=00000000 05:59:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x4800000000000000) [ 573.067447] TSC Offset = 0xfffffecb27b36586 [ 573.072122] EPT pointer = 0x00000001d246601e 05:59:36 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00@\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x1000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xe0ff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 573.240354] *** Guest State *** [ 573.243754] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 573.338569] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 573.380936] CR3 = 0x0000000000000000 [ 573.384916] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 573.396748] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 573.407699] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 573.420649] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 573.436111] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 573.445145] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 573.457955] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 573.470297] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 573.486579] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 573.494895] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 573.503258] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 05:59:36 executing program 2: r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000400)={&(0x7f0000000340)='./file0\x00', 0x0, 0x8}, 0x10) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000440)='trusted.overlay.redirect\x00', &(0x7f0000000480)='./file0\x00', 0x8, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, &(0x7f00000007c0)) mount(&(0x7f0000000500)=ANY=[], &(0x7f0000000540)='./file0\x00', &(0x7f00000003c0)='bdev\x00', 0x100000, &(0x7f0000000380)='em0vmnet1\x00') mount(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', &(0x7f0000000140)="760001b076", 0x3080, &(0x7f0000000200)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='trusted.overlay.nlink\x00', &(0x7f0000000600)={'L-', 0x6}, 0x28, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000640)='/dev/input/mice\x00', 0x0, 0x400c00) mkdirat(r1, &(0x7f0000000680)='./file0/file0\x00', 0x4) mount(&(0x7f0000000240), &(0x7f0000000080)='.', &(0x7f0000000040)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000200)=ANY=[@ANYBLOB="9e2906525e972ffb42fe5d2300fb2bd525a4a9cc2c0a400dfb675cab796c33900f5899d576123d9f14b0f635d4f6009a07a0e617d34e3f216bd4f069cd95dc9fec0b94ee154cb9dcacef4986b4cfb559955fcf69cc2f8461c4610ac5133a4a4045feb6849f731afe8afca128baabd661ab7e744032170028e629973a9ee61b216db12a80599d1d"], &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4a, &(0x7f0000000500)=0x100, 0x4) umount2(&(0x7f0000000100)='./file0\x00', 0x0) chdir(&(0x7f00000002c0)='./file0\x00') umount2(&(0x7f00000001c0)='./file0\x00', 0x0) 05:59:36 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x3a000000}, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x2, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000100)) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x40, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7, 0x40) [ 573.533517] IDTR: limit=0x00000000, base=0x0000000000000000 [ 573.549016] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:36 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}]}}) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080), &(0x7f0000000240)=0x4) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000280)={r1}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00000000c0)={0xffffffffffffffff}) sendmmsg(r2, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000003480)}], 0x1, &(0x7f0000003540)=ANY=[]}}], 0x1, 0x8000) r3 = dup(r0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000380)={{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@rand_addr}}, &(0x7f0000000480)=0xe8) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x480}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=@delqdisc={0x74, 0x25, 0x118, 0x70bd26, 0x25dfdbfc, {0x0, r4, {0xfff0, 0x4}, {0xffff, 0xe}, {0xffff, 0x5}}, [@TCA_RATE={0x8, 0x5, {0x3, 0x100}}, @TCA_RATE={0x8, 0x5, {0x7fff, 0x553}}, @TCA_INGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_multiq={{0xc, 0x1, 'multiq\x00'}, {0x8, 0x2, {0x6415, 0x2}}}, @TCA_STAB={0x1c, 0x8, [@TCA_STAB_DATA={0x10, 0x2, [0x9, 0x9, 0x3f, 0x6, 0x7fffffff, 0xffffffffffffa541]}, @TCA_STAB_DATA={0x8, 0x2, [0x3]}]}, @TCA_RATE={0x8, 0x5, {0x4, 0x4}}]}, 0x74}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)) 05:59:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x3}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 573.575986] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 573.603419] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 573.649511] Interruptibility = 00000000 ActivityState = 00000000 [ 573.668503] *** Host State *** [ 573.671958] RIP = 0xffffffff8120427e RSP = 0xffff88018443f390 [ 573.677955] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 573.692669] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 573.700720] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 573.706607] CR0=0000000080050033 CR3=00000001c6580000 CR4=00000000001426f0 [ 573.706624] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 573.706637] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 573.706642] *** Control State *** [ 573.706669] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 573.706677] EntryControls=0000d1ff ExitControls=002fefff [ 573.706691] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 05:59:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x804000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 573.706700] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 573.706707] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 573.706720] reason=80000021 qualification=0000000000000000 [ 573.706726] IDTVectoring: info=00000000 errcode=00000000 [ 573.706731] TSC Offset = 0xfffffecabb23bd0e [ 573.706739] EPT pointer = 0x00000001b774101e 05:59:38 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xfffffdfd, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:38 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x9, 0xae6e, 0x9, 0x1, 0xffffffffffffff9c, 0xffffffffffffff8a}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r1, &(0x7f00000000c0)="b8e04a86d6fb8671afef7c5a26", &(0x7f0000000100)=""/76}, 0x18) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000380)=0xc) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000840), 0x0, &(0x7f00000002c0)}, 0x0) fdatasync(r0) close(0xffffffffffffffff) 05:59:38 executing program 2: r0 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x2}, 0xfeda) r1 = socket(0x1e, 0x805, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xec63) sendmsg(r0, &(0x7f0000000140)={&(0x7f00004f5000)=@generic={0x10000000001e, "0200000900000000000000000226cc573c080000003724c71e14dd6a739effea1b48006be61ffe0000e103000000f8000004003f010039d8f986ff01000300000004af50d50700000000000000e3ad316a1983000000001d00e0dfcb24281e27800000100076c3979ac40000bd15020078a1dfd300881a8365b1b16d7436"}, 0x80, &(0x7f0000447ff0), 0x0, &(0x7f00006e9c68)}, 0x0) r2 = gettid() setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x2, 0x8, 0xffffffff, 0x3, 0x7946, 0x2, 0x4}, 0x1c) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000340), &(0x7f0000000180)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, &(0x7f0000040000)) tkill(r2, 0x401104000000016) 05:59:38 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x6800000000000000) 05:59:38 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xfffffffe}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:38 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:38 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffffffff00000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:38 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) syz_emit_ethernet(0x1, &(0x7f0000000240)=ANY=[@ANYRESOCT=r1], &(0x7f0000000080)) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x80000000, 0x311040) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f0000000040)) unshare(0x40000600) set_robust_list(&(0x7f0000000300)={&(0x7f0000000140)={&(0x7f0000000100)}, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)}}, 0x18) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000380)="2f6465762f736e642f70636d432344236300cdc5cc01be24e79f87ae663b72d374c1db3856e4eb0c9a6e169a2f") fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)={0x0, 0x0}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r3, 0x9, 0x0, 0x7f, 0x89cc}) perf_event_open(&(0x7f0000000180)={0x5, 0x70, 0x0, 0xa15, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x2, 0x6a, 0x0, 0x3ff, 0x6, 0x0, 0xff, 0x3, 0x80000001, 0x6, 0x100, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x100000001, 0x7fffffff, 0x2, 0x7, 0x101, 0x8198, 0x4, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x2000000000}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5}, r4, 0x5, r0, 0x0) fcntl$getflags(r3, 0xb) fcntl$getownex(r3, 0x10, &(0x7f00000000c0)) [ 576.062216] *** Guest State *** [ 576.065534] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 576.075162] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 576.085026] CR3 = 0x0000000000000000 [ 576.101200] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 576.144530] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 576.176659] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 05:59:39 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x80000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 576.199736] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.207996] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.217572] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 576.226456] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.241624] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.250285] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.258780] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 576.269015] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 576.275180] IPVS: ftp: loaded support on port[0] = 21 [ 576.277283] IDTR: limit=0x00000000, base=0x0000000000000000 [ 576.292095] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.315479] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 576.325277] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 576.333402] Interruptibility = 00000000 ActivityState = 00000000 [ 576.340216] *** Host State *** [ 576.343704] RIP = 0xffffffff8120427e RSP = 0xffff880184147390 [ 576.350375] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 576.357117] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 05:59:39 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xe0ffffffffffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 576.366534] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 576.372984] CR0=0000000080050033 CR3=00000001cc120000 CR4=00000000001426e0 [ 576.380940] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 576.387907] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 576.405252] *** Control State *** [ 576.413853] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 576.433520] EntryControls=0000d1ff ExitControls=002fefff [ 576.445498] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 576.453331] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 576.486425] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 576.514136] reason=80000021 qualification=0000000000000000 05:59:39 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x20000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 576.538459] IDTVectoring: info=00000000 errcode=00000000 [ 576.554096] TSC Offset = 0xfffffec9356063f0 [ 576.565052] EPT pointer = 0x00000001b78e801e 05:59:39 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x48000000) [ 576.767351] *** Guest State *** [ 576.771715] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 576.780998] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 576.781014] CR3 = 0x0000000000000000 [ 576.781023] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 576.781034] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 576.781049] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 576.781063] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.781083] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.781102] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 576.781120] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.781139] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.781158] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.876161] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 576.889517] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 576.898057] IDTR: limit=0x00000000, base=0x0000000000000000 [ 576.909732] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 576.928255] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 576.935596] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 576.943968] Interruptibility = 00000000 ActivityState = 00000000 [ 576.960102] *** Host State *** [ 576.963439] RIP = 0xffffffff8120427e RSP = 0xffff88017e58f390 [ 576.973091] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 576.983240] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 576.991544] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 576.997574] CR0=0000000080050033 CR3=00000001cc120000 CR4=00000000001426e0 [ 577.004764] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 577.011624] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 577.017768] *** Control State *** [ 577.021390] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 577.028179] EntryControls=0000d1ff ExitControls=002fefff [ 577.042823] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 577.049786] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 577.075271] IPVS: ftp: loaded support on port[0] = 21 [ 577.080820] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 577.087407] reason=80000021 qualification=0000000000000000 [ 577.087416] IDTVectoring: info=00000000 errcode=00000000 [ 577.087422] TSC Offset = 0xfffffec8d4317569 [ 577.087436] EPT pointer = 0x00000001c27ea01e 05:59:41 executing program 2: ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x7) r0 = socket$pptp(0x18, 0x1, 0x2) getpeername(r0, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000001c0)=0x80) socket$pppoe(0x18, 0x1, 0x0) vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000000300)="d8", 0x1}], 0x1, 0x0) 05:59:41 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffffffffffffffe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:41 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x3f00, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:41 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00@\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x74000000) 05:59:42 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x3, 0x0) r1 = dup2(r0, r0) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000000), 0x2) ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f00000000c0)) 05:59:42 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x7ffffffffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 579.252759] *** Guest State *** [ 579.256195] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 579.265182] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 579.274285] CR3 = 0x0000000000000000 [ 579.278118] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 579.284245] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 579.290472] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 579.297231] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.305373] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.313508] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 579.328851] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.354688] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.379376] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.449611] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 579.473305] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 579.490136] IDTR: limit=0x00000000, base=0x0000000000000000 [ 579.516360] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 579.533002] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 579.559948] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 579.584649] Interruptibility = 00000000 ActivityState = 00000000 [ 579.593023] *** Host State *** [ 579.596315] RIP = 0xffffffff8120427e RSP = 0xffff8801d5057390 [ 579.610057] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 579.629939] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 579.637852] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 579.660003] CR0=0000000080050033 CR3=00000001d5060000 CR4=00000000001426f0 [ 579.667210] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 579.689937] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 579.696208] *** Control State *** [ 579.699753] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 579.720688] EntryControls=0000d1ff ExitControls=002fefff [ 579.726345] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 579.780012] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 579.809973] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 579.840010] reason=80000021 qualification=0000000000000000 [ 579.870017] IDTVectoring: info=00000000 errcode=00000000 [ 579.879072] TSC Offset = 0xfffffec78dc8a54a [ 579.891422] EPT pointer = 0x00000001cdc2d01e 05:59:56 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getpeername$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000200)=0x1c) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x2000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x8000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000100)=0x5, 0x4) setsockopt$inet_mreqsrc(r2, 0x6, 0x8, &(0x7f0000013ff4)={@local, @rand_addr, @remote}, 0xc) close(r0) 05:59:56 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) r1 = fcntl$getown(r0, 0x9) ptrace(0x4218, r1) r2 = getpid() sched_setscheduler(r1, 0x5, &(0x7f00000000c0)=0xfffffffffffffffe) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x7ffffffff004, 0x0, 0x10, r0, 0x0) sched_setscheduler(r2, 0x3, &(0x7f0000000000)=0x2) 05:59:56 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0xffffff7f) 05:59:56 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00@\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:56 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x4000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 594.062687] *** Guest State *** [ 594.066152] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 594.075184] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 594.084510] CR3 = 0x0000000000000000 [ 594.095923] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 594.102595] RFLAGS=0x00000006 DR7 = 0x0000000000000400 05:59:56 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 594.108795] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 594.116005] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.129110] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.137541] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 05:59:57 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x200007fa, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) link(&(0x7f0000000240)='./file0\x00', &(0x7f0000000080)='./file0\x00') setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000001c0)=0x4, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x820, 0x4) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000), 0xfddb) r1 = dup2(r0, r0) getpeername$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000340)=0x1c) ioctl$TIOCSCTTY(r1, 0x540e, 0x9) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f00000002c0)={{0x2, 0x4e23}, {0x1, @dev={[], 0x1a}}, 0x10, {0x2, 0x4e20, @local}, 'gre0\x00'}) r2 = socket$inet6(0xa, 0x80001, 0x0) ioctl(r2, 0x8912, &(0x7f0000000280)="025cc80700145f8f764070") setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000380)='ipddp0\x00', 0x10) r3 = socket(0x10, 0x2, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0xce31) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r7 = socket(0x1f, 0x20000000001, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x4e23, @loopback}}}, 0x88) clock_gettime(0x0, &(0x7f0000000180)={0x0}) setsockopt$sock_timeval(r6, 0x1, 0xc, &(0x7f0000000100)={r8}, 0x10) syncfs(r2) sendfile(r3, r4, &(0x7f00000000c0), 0xc6) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000440)={{0x2, 0x4e23}, {0x7, @dev={[], 0x18}}, 0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x12}}, 'bridge_slave_1\x00'}) ioctl$TIOCGETD(r4, 0x5424, &(0x7f00000003c0)) r9 = fcntl$dupfd(r0, 0x406, r0) writev(r9, &(0x7f00000004c0), 0x0) 05:59:57 executing program 1: set_thread_area(&(0x7f0000000040)={0x9, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3948, 0x200, 0x2, 0x4, 0x3, 0x80}) r0 = open(&(0x7f000000cff8)='./file0\x00', 0x80040, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) capset(&(0x7f0000000140)={0x20071026}, &(0x7f0000000180)) mknod(&(0x7f0000002d40)='./file0\x00', 0x0, 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x0) mount(&(0x7f0000000100)=ANY=[@ANYBLOB="d4516bc28589143a684036"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='nfs4\x00', 0x0, &(0x7f00000000c0)='v4') write$tun(r0, &(0x7f0000000200)={@val, @void, @eth={@empty, @dev={[], 0x15}, [{[{0x9100, 0xf0000000000, 0x80000000, 0x2}], {0x8100, 0x5, 0x8, 0x3}}], {@mpls_mc={0x8848, {[], @ipv6={0xfe, 0x6, "0e0c49", 0x31e, 0x0, 0x969e, @loopback, @empty, {[@hopopts={0xbf, 0x40, [], [@calipso={0x7, 0x28, {0x8, 0x8, 0x0, 0xea3, [0x8000, 0x7, 0x8001, 0x3f]}}, @enc_lim={0x4, 0x1, 0x100000000}, @calipso={0x7, 0x38, {0x8000, 0xc, 0xece, 0x401, [0x8, 0x3, 0x1, 0x100000000, 0x9, 0xfff]}}, @calipso={0x7, 0x58, {0x5, 0x14, 0x1, 0x8, [0x400, 0x4, 0x100, 0x7ff, 0x0, 0x1, 0x1, 0xff, 0x732, 0x1]}}, @calipso={0x7, 0x38, {0x100, 0xc, 0x1, 0xfffffffffffffff9, [0x7, 0x0, 0x5, 0x9eea, 0x10000, 0x6]}}, @generic={0x2, 0xdb, "0d1d3880e1bf4a902979a19b526afed01f9d60b56bfe7e7fc0ed391fd0559fd38220e899813e2d3dfbbd9554d31f85469126ffb5fa74d2720bdec14b102cbbe9ae7189906d3ec392d267c3c78f6af6e1f3fbb89520c21bb17fa60203d6c933961839584be72f15a3b688c23e12336c166eed3c212198b4328038de43ee0daae3da888a06490ef153106f4dba51cc6395fce82fb80b7e20c0ba36c369fa7722087919fdeffa336e541e43d2f4c411a713ae4a3d8aa45d43a5dd160e5e13464e1432e98cb3d42cf2f0d6973925829b7f3f1023ed5368e1c195a5cf02"}, @enc_lim={0x4, 0x1, 0x31}, @calipso={0x7, 0x28, {0x4, 0x8, 0x81, 0x7, [0x61aa, 0x5, 0x400, 0x6]}}]}], @udp={0x4e22, 0x4e22, 0x10e, 0x0, [@guehdr={0x1, 0xfb, 0x9, 0xc82c}, @guehdr={0x1, 0x1, 0x5177, 0x7fff, 0x100}, @guehdr={0x1, 0x4, 0x7, 0x81e5, 0x100}, @guehdr={0x2, 0x8, 0x6, 0x9, 0x100, [0x80]}, @guehdr={0x2, 0x4, 0x1f, 0x6, 0x100, [0x0]}, @guehdr={0x1, 0x4, 0x100000001, 0x0, 0x100}, @guehdr={0x1, 0xfffffffffffffeff, 0x2, 0x24000000, 0x100}, @guehdr={0x1, 0x8, 0x5, 0x8001}], "58de1cc2d831da4a8cf3a4fff19973182f985b23039e4fc520e3bf035d60579baff627a455ef5a33ce2ca99d9f4ca7c891858579e97443a0f69e879420a874e6a16948df24026ac03f4d497ea88923651c0d8960afe7c266e809c534e560e76153004954fa820d48782c635bc1a50ccd7d2d701fcb57a3f0581d0d971c3d68bf35bdb56d061b643f8b7a53f62ef67ff238df41861f3ccb622cdcc3d31a0e7db16c3690153429a97361bbdda5f97ca318bdd61d2424a78d39e07ee8da26b957c4d99c1e2ec8924d9fe8a9932def692c134a5614499d9c1a416f397011393e"}}}}}}}}, 0x360) [ 594.159226] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.172408] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.183415] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.220449] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 594.246874] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 05:59:57 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000013c0)=[{&(0x7f0000000180)="01741ca70310370c133f2552ebe47685e2a272443bb97e346dea31f7ff1fe510f0676f435a33c5f71b20fe495e7348a1a81e69ec620753a9c45baa2ab4862fd6e1f64e36ff5c1726bb64fb051cd65c6b965a992ee411869b1dc185ec6ae91a26041b63b9c4207df7106a74acbdf6c3a7ab644e9933ad8416b5dc97bfbf420161c0fea81c47ce3c8486c19b16c1dd331a5077bb09520ec11a9eea39084909a13bc8130e18554b97901585c3055f46e8e02e4ec45dd56f92bd103b857bc15355966b5182661efe9d1487ab62b915663b4753dcaf8f33faf7e57a380ef40ef97cad2239b1edfda954bece54fbdf2c1b1dd9bb97cea834b7787dc390952798d810dcfaaca0294d6dbd57bced076cf3b9da34af15c01820706198b5ddb7db89ca758dd6b2651f0e5e3b5b7cc4d5b86e7d7f88f49cb7dfdf4a1bcb53aad629b2dc2c0ef482eeaf6edcf6e43e92409de22b28d07561b2196f55ebb7d7f35101a5b055dfba3c8bbccd122dff98dead08b4248247c6a321003bc850df87adf5806e0567762a3611e9be1fb2acbfea4204a8dead73e22baf88a194156b8b49ecbcafe807469f37cfe196938d37d6fa86c3dcadf8e88e7e7914566c6fac0930994758732c75efc3d36e31417ec6870e261fed9f18d1219920b6c8f72cc2e99591b302b222b87400e980d9ef61468fdaf34ef2a1d955bf3d84d3d6714e3f69b32f6b92988b5d0781a044b61d009c60ce0f2aa08a2e66793d13db767d5051fe09069e36a14dbe5fae6a01b0a411913661b367ddf43b2f4c5e9c2eea2c0dc821f2c50c92bb9ac78d6548d0b2ef435fe2037a3e0c8bcd0f58edc2e68a4acc24f2fd85e42bb52829459109b529a762fef7fd463ce61b3637822c80c6764c479beac9d6ad27993573ae36e77c3300bf6cff85f754f3b6a71095942373f011c977086915f78bd7b58f693162afe4b9bbd1cf874f08920c539ea13966b3f21c2eabf95ce6f1adf6d3fc03f1383e35d46480167edd573d1b1bd8d93e5d061bb65833a31ecde661ef00d8d0c9b56785057cb38484ac529135cc722f2f0a3c8f9b0a0030c8e23d5894dca269cd55da1e6e0263c42db88fb27a79baabccdf75b448da11d8e549d17df5219ab7fba331da1392d8fd60c21c0572e9a19b0e3d9dfca78a8bca4556c26159a25d68fe4b99d83feadb1d1cd2f228af94555e5c0d7c882b6c07f0772a13171c68c7bcf816105447a28911fa69789d05ead83f05aa29258b3f17dbafd8d0065ca80ce9e74c8f25b2a7c35fc082442aa722290f6616c6c64fcc1317d5aea93120c49b938343914fe6f607094806f823b3a72af01c4bd104cf7093c52189f4b8e7eb0eda2cf533c61f1cc78aa7649b16303d9a9f25f2740685b3eb2e0cfe4b5ca592460fea271b25cd63171ee62375c40f62e303805157fc9b7008fd70405b3b987c6caaff10a0cf1dd3e1fab78cbfeb507d6b20e2e1ac478d1b0c945e741003dff0687d7e3a10b7320f6120ff05377195c74233d8b26c2907d67b6d8f14c5ce272b5da2848f178d5eed1966bd9349633aaf619aedd1220a277f548e4c87658ab40d9cd7fea0c39989c8ccd500a1ca9e4583e105cfd48d8da599a0931899a01aebc44986a9075ace361d76798f16b6c4418bf56b851637bb327ac9b625cc14ffc56eaf8f5836c8b60aafaf179114bb34fe301c895569cddc1c0be9048f2d31ae4bddecbcf9d1757966ce68900b5d7010ee1e6d3b5af36c7f0dba069060558c354ba3ecd186a12675c6f1b3712560f20104b627da325e172dee456b8134ddae4c7a9ecc15662f3610b86c408f4d79d3688f371ea510b302bcfec8cc3de1a83ab5bf4c815d59201681ab0e328a71b5b22c1eb7c9a6da8455c71066b280ede56726726e970be9403771a5bb5aff19e2a5fb9b9a5a8dadc01eb2975f1ee149fbebdd40dc192ff0c7ef900d8a438147db39e0046eb868b674550c749ba0b21fd21fc0bfdf3adca801afa1207d970156349e12038c5f58c447040258c2e7bbd0517810669ef3f3b71eee76a60e97e58917f5c4941acd0b9cd5bff422129f2741a52cd89dc6ec159f65be157ea51ce46e07ca3798231df26722f700b97eaa1769dc64ccb8fb085587ea181e27d119c612a57f335875b352e74d687541da088920ce9112c6a049aa1ec4aefe24f64eb4872c0162f4a58ee861383406814c3161194231ba539d114a9b447a21d8c55373a27dbf6af35aeca64fcd269c35963c3e89bd1258be64c7b4cef6aa232a278598a363aa76885672185d403dd2e2aeb8ca40751d3e7708445a9d4d903b857859d56e08e73c5aabfdfb119d0e7dac191fa2f658de18d06deb36a3c72c871bd6bb9fb75643b4870213138f152bb6779beb26161b02c53d612fe4e7dcd463f07229a54f19b4b2c0c839e1c5d92916f6fa9de46deea2a9d130f1cbac606f48bcefe79fc90c44715b7ecbbbea2df363af1f39357d0e22b5fce2aac7fac2f12e1e30f8392e20a0a558ad678e6bbea54b99f0883e9327a445a207040b89b0037224f0f19a9edc039042e3299e14eba1ca0a0dfbdee1b9da4c3fe16288bad6b19bd4eadd3dbf895220d9c1d96c3e07c388dcdf56b3c82fb20a0ee02b73477642ed8ee807619e7bbf160ee63ffa12e624996896a8b97652af2414556bd8479451f53f223d054313ddad7595ad550da00a8e0352b63b7ea8bea688db08561b281eba8cdea49158a984fdd09a14c6bbf88e3ceecd56a9851f7db6231f0efc53c686d171d19b0408bc169e6098eedca4058e6cc20e5372a13bf7f48ed9f829a8b56a37a13a7ce4c0a6cea6178998a740026ce3e45da10772e8cc0451965b74bc99ce13e146218f691b2126425c3a6f0efec449f106ebc88ba63107444ba11ead5a354c5a30d5115689eb385f6f13a0e048a42685c4173340cab5a1562ef8c904d2011f7026f169e6acf173705cd3c9abb1d76a197e02471923550a1ce21760565726eb59f6a6695848630a7fc13213c1afeb83c796722830308e85b757905dbfc0e4488fb74a30e677b4a4c9a33dcc107c9ad3427084564775ce314b87e0499987c2e35456c658b83d12b1017582582342c45350c81c2d4e6a014362974ee2bc651cb8647366fa0c2f95060c95376b3d9099687f2a9cdb7926fa8ea6a5f28c2a344114e51be4c27b887752a08cd509c6b7321650c0dc733c9fbf9e1303c03c6f6c8987b99ffd595eb69d540664a9ea89e74f46aecc6d37aa6ce15f887240224be361b4bb1aab3be23f59f2d07e2d66f8d6702b47f7154200f832bc68513bc000509161156c64e03f843c111f22eae2f6f836b13fa95b6f780861ed551b24ce8b9cdff59a12b83167b9c9adb88370821ffca2bfdbe2353990fd8d051284ccbbc4c5221074b831100434c0d068e0f6a449608bee558b952ce9c1c4f4852b2bf7a3c1176fbd1fad43e09a96a8f324f31e515d109ec3aa0a8f876b4821922de9cace662f533c582abba80e811029a19260c8e1fe854e0d2ddc4dbb53aa5b786d7fff8f86d88bbc2fe0ef57d3702354fa002d35c344669b57636a392f002ea9e2f032e571bef4f552341cc19c903827c97c34fda8785510488278db6cc0731461fdb10fb8c1174ad076f3c10a41f8774ee527d95023c30f8d4c76d934e8cbc8a7d51b620d1165c3dbd5e9ce9f4a4601f87bc26d3375beb674d6c90c888da77b96a77bc40b17f76038c58a9a2fa44a908a32cc50e6d1fb86da43d899c10ef959a21ddc5548fcf0b0f48bc27b36ed752625ad0468eba7d48ceb72dab9d516ff61a9fb774a80fc1547f47bd8da35355159f5d7a97a2c31edbf66c66735a4b28a0a85497577486a95691363d7ea76c8e2c440aa79bae9f6e9ae815beb36933867baff5121ad298e3c993d135401601d4e98457efb9a62c84910137756bd881ff7039d9488ef19179b2cf30fa17deb3075b0010633f738c2871122a09f1d04ff28870986e151b50debbb0b54b10ee17955aa809e8d4b7838ebb4254a9dee4fb0e7ea03791a68ee353fa8d109d5ed2bd474a1d26e8d4e795ed242371874a96db24e073e68e84cf4ed14bb10d28c66608ff251651f8fcb0abae36598e3316cf9b7168ab2d5162e05a2eba7c2bc83318b918c26c09af44d818ff405f3f484f5389e3eb1e726fd95c90014386c2bf616caf538e944a0f3adfcbfa571b66d843ac88b50752781738970c743a6f0ce8030e35d36fa8ca5461836244ccaa2a46065f0884caf80056f9cca5eaf1bbf858fac07fc195e5f48b1ad9c7f19d2c527d519f5e5497a90e83f120920e7f654f312ec657b43ea22eff2988edcc2a6bb7b7ae99e7d5d5e7ad06c624a751bb1cdcbae202d2ea1bae8d267e0d6041a1898581005b93cf1c22a802e132404f41b9514a1715f7204e1eb31aedead55d1970b3c4205ed597d57910553ff0d6e53247753d9113aa6da1883726591c44afd5d3d89adf826d4a3534e172f488c2204b3db8ca43baef12e6570daaf6652c9b279f43896b719575a34fcdcfc025fe753cfdbddc323407fa0372ca993310a88b7880e35387fa47270cf90bf65fec4f420de374108b3de121bdba8f3d15a5a6c4e1ee9c967423fddb7d81869fb8e1427d541566520965365af715c846d5a449fea9a8d993e65c2075dc25ad69331a9b1c60e4e9e020a4e473e3f513a636c44f7e04dbdbb29b79ff085c93498663b022445d60a9365f1b281429e08f48a565834239c0cb802425995e9a00b097f916f139d572ced59702308d53740251a90dc6d140893ebd22a905676a2767320c7f64982c5a6adb92e36630a7f5ec4fc8cc1958076c51671de10622de49e65c41b9eb00608b2ef978f727b7e23f2dc62a88078d72afe797af4ec95dc32de8a439d9c92718482ca26c28c8ef82da28a2b7661312a8ae7508630d68e87de9f15f6881e1f43c75b9b9c990e97c3d6ef208b6fb9a759b8c268ae016af59dceb0be22d7fc461310db6cfaf3d3cb0477720db67d1e082cc835da5b5835911696975a1a375b58d756c684b0095afbf0a1634d838ff14f237d7cd2d9ca959fbc66c0c5c3d333879dd01c3dec0d14d5ea126e7ab09d5f4feee87a6af95579fe30c2a3789055b40850e2229c64093e72f448e8bdb61b1088e5637e02064f566c82661f803823b0c36469fba5d838a5d3419991690cafa4b8f03d40219758ac93c1844fcb274601dd474d4174379f0db11d15b606469a1fb8c89f60c3f451cb633ea9a320f086ac75936d3fa0ead967f177c8638c68f1f26d297dc0c5cf131c0ae68a32f68939e4b456a1dec161c1d7b0a60a5105a6bad21b7d81500994c26db2eb12ed1e681892be5b354467a45cf3995a0da95f2574a0afc008487124144b2e0001546f0f166571d807a6f8fe9cd8d6c843402b8b24bf13e1e68cff04557bcacb8161c84c4783112e5abf8486b8ddb17a645a92201e3f81a6879a847f2beacbad037b6909c5c43490454e9a014cbb29708d4711d3d5f49fa2dd7c600127109b354e1e7cef60cdd7973302800c559695abd4a082ed7d1a90112124255c78282b9c7532f8a50ed3e98efad1a61249d9ee32ca78da22807b257a540643b69034f652291f3597b5adbd10f58cba331759a19b7fcfbeb1ccf4c17d275911ca7a30de93ee3c84545e3b7532d02a7af405772689454f2e834bce642a1bb74f9f7223049445701620456ad8242f70e898063decd6deee4fc6e8906ae859aebf5b91f2d0cb3898ecfdc107113342d26f33b0a3445ca38b7fe570488ffbc0582d29d42a60b56859", 0x1000}, {&(0x7f0000001180)="4402db3d81289813ec3fa0baa1ed3805efddcaf0c36d86f0ad7a7f2b237c691d64539281f4947753f7ee43201032e627cef1fdc620a9f337ded1c008e761482e2dccf669622d6a5b23013d989ca20be1aff1551306db4ba2f453fb6c9964562105b8612e5f1132704d123d0bf0e396045ec2d10965cbfb8c4709b1d642092fd788cb089cf06b4cf403293e3ae6d651a73d92208ef7930a8a84db07ba0007e16290582a79cc31496f4e", 0xa9}, {&(0x7f0000000000)="574833f8172bb272f2c1d2a09938abd9107675842915b26c8feeeeac24401a4a4cb6b040fd", 0x25}, {&(0x7f0000001240)="f2643a646a7c957afedfd6735d24d727f99999c28269992ec500def02f308ef308a1834fba89ce8e9915b9ca259e30d982b9ee0084d16a076dfff185c5c1832c4616eb06c5d8518dd80905cbc44a120f5767ca7a8a0788288b48f10acc245bdbf218a9c382f7f0988f20484b98a7f9a4bf1e45cc0ea7150133738508410fb282686683e526", 0x85}, {&(0x7f0000001300)="60e8e98ff2dd4b14978c9328536fb755feba8296a3ab3ffbb2de3d1d3cfb16b874f9a85a39ee071fa36617b7b6b897f8e715df24762aa985fdf2925d9039785cb7d6361e7fd4c6230f04e8a12030b0a73ded85fcf3a1794f9e28a9719aebe6a91efc5707e2a6268418050aab8fcb0324b333f6f0aaa369b8af467f23a2766a3980e36b5efd0d29043f267c930505fb6438b0abca34da4b3039c313c9a016", 0x9e}], 0x5, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) vmsplice(r1, &(0x7f0000001500)=[{&(0x7f00000013c0), 0x1a5}], 0x1, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffc8f) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000080)={0x0, @bt={0x2, 0x8, 0x1, 0x3, 0x8, 0x5, 0x4, 0x1000, 0x9, 0x2, 0x7, 0x8, 0xffffffff, 0x5, 0x2, 0xa}}) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) socket$inet_udp(0x2, 0x2, 0x0) [ 594.269730] IDTR: limit=0x00000000, base=0x0000000000000000 [ 594.295679] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.308088] EFER = 0x0000000000000000 PAT = 0x0007040600070406 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x100000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 594.318198] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 594.329784] Interruptibility = 00000000 ActivityState = 00000000 [ 594.339641] *** Host State *** [ 594.343255] RIP = 0xffffffff8120427e RSP = 0xffff88018682f390 [ 594.361400] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 05:59:57 executing program 1: r0 = socket$inet6_sctp(0xa, 0x6, 0x84) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x106}}, 0x20) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000007c0)) openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x4, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000880)={@un=@abs={0x1}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0x229) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="80cf50f4726f75702e6370752f0000000000", 0x1ff) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x4008af23, &(0x7f00000005c0)={0x0, 0x7fc}) io_setup(0x5, &(0x7f00000001c0)) r3 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0xfffffffffffffd50) sendto$inet(r4, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) io_destroy(0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)="2e2f6367726f75702e6e65742f73797a312775ca1e56b82a6b2c9610345bf0841f9c0102ea8317e1c2fd7ad819a4e039", 0x1ff) fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000100)) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000940)=""/4096) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f00000000c0)="0a5cc8070031") pipe(&(0x7f00000003c0)) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8008}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 594.382719] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 594.399395] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 594.407708] CR0=0000000080050033 CR3=00000001d5cd4000 CR4=00000000001426f0 [ 594.414896] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 594.422049] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 594.434750] *** Control State *** [ 594.438339] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 594.457853] EntryControls=0000d1ff ExitControls=002fefff [ 594.464301] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 594.472803] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x500) [ 594.479640] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 594.487492] reason=80000021 qualification=0000000000000000 [ 594.494233] IDTVectoring: info=00000000 errcode=00000000 [ 594.500048] TSC Offset = 0xfffffebf8f55be64 [ 594.504892] EPT pointer = 0x00000001c007501e 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x800800000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 594.610177] *** Guest State *** [ 594.613475] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 594.628616] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 594.640009] CR3 = 0x0000000000000000 [ 594.644137] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 594.650792] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 594.657420] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 594.664672] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.673076] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.681760] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 594.690126] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.701805] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.710054] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.718235] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 594.726401] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 594.734811] IDTR: limit=0x00000000, base=0x0000000000000000 [ 594.742978] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 594.751282] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 594.757714] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 594.765480] Interruptibility = 00000000 ActivityState = 00000000 [ 594.771752] *** Host State *** [ 594.774943] RIP = 0xffffffff8120427e RSP = 0xffff8801875a7390 [ 594.780976] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 594.787387] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 594.795330] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 594.801271] CR0=0000000080050033 CR3=00000001d1fc1000 CR4=00000000001426f0 [ 594.808406] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 594.815164] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 594.821272] *** Control State *** [ 594.824868] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 594.831609] EntryControls=0000d1ff ExitControls=002fefff [ 594.837183] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 594.844160] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 594.850871] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 594.857433] reason=80000021 qualification=0000000000000000 [ 594.863782] IDTVectoring: info=00000000 errcode=00000000 [ 594.869409] TSC Offset = 0xfffffebf4915e563 [ 594.873800] EPT pointer = 0x00000001c0eb401e 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x600}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:57 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0xffff8000) 05:59:57 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000000000000000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:57 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xe00, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:57 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xfeffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 595.012443] *** Guest State *** [ 595.015902] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 595.025646] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 595.035051] CR3 = 0x0000000000000000 [ 595.038984] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 595.045565] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 595.051927] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 595.063137] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.075996] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.086149] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 595.094646] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.103725] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.112543] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.120857] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 595.129022] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 595.137832] IDTR: limit=0x00000000, base=0x0000000000000000 [ 595.146157] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.154474] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 595.161649] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 595.170408] Interruptibility = 00000000 ActivityState = 00000000 [ 595.177915] *** Host State *** [ 595.182004] RIP = 0xffffffff8120427e RSP = 0xffff8801807bf390 [ 595.188306] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 595.195095] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 595.203015] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 05:59:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xe0ffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000000)) ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000180)=0x10000000000062) read(r1, &(0x7f0000000040)=""/11, 0xffffff3a) r2 = syz_open_pts(r1, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f00000005c0)={0x0, 0x0, 0x5, 0x0, [], [{0x3, 0x3, 0x3, 0xfffffffffffffffb, 0x791, 0x6}, {0x1, 0x4, 0x0, 0x6, 0x9, 0xfffffffffffff2e4}], [[], [], [], [], []]}) ioctl$TCSETS(r2, 0x5402, &(0x7f0000000240)={0x0, 0x0, 0x0, 0xfffffffffffffffc}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r3, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu\x00', 0x200002, 0x0) ioctl(r4, 0x9, &(0x7f0000000040)="61872f50bae829212c11051917db1d8e455c5ee9f0f414df1c28f29c") r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cgroup.clone_children\x00', 0x2, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000200)="6370757365742e6d016d6f72795f707265737375726500672d4a26c94c07de9b7b18759190db946851d1e8f2702cc30f6e38e61dca0a1d4d34ab01796f24c7a8258c98eed96cbdce0e821e7c41a3d29adad268d7e6ea352c33902a32340c801b27eb5b21774c37b427c9969e00020000000000000df06c940bb2674eb65fced214fec2b7e60fd4e8ccfe5ba7ddf41b", 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r6, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@remote, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) sendmsg$nl_route_sched(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ec0000002800020025bd7000ffdbdf2500000000", @ANYRES32=r7, @ANYBLOB="f3fff3ff00000600f2fffeff08000500037900000800010061746d00b8000200340003004fba0dd49e5a68767b25e4840521f3793929aaf26fcfcd7584d6d56c3491d13fb72f0b6eea0bbfe9774297cb7d6e296c08000400ffff0800080004000a000f00440003001f4c39edb42cfc18aaeb2b0c3644d0128a234733a7b91f45db73460f63ac9d9e78f3f2df38861ca3effc72354d74a4e26d33fde851aac35be98c589284fa4cac719b048e2ab100000014000300b75aeed6f29b916bd1350f3badd1d3001800030048204c38895b0c0780a965373c4cb659cc000000"], 0xec}, 0x1, 0x0, 0x0, 0x40}, 0x4000) sendfile(r5, r6, &(0x7f0000000000), 0x40000000d) [ 595.208944] CR0=0000000080050033 CR3=00000001c3dd2000 CR4=00000000001426f0 [ 595.216866] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 595.230170] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 595.240902] *** Control State *** [ 595.245918] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 595.253552] EntryControls=0000d1ff ExitControls=002fefff [ 595.286901] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 595.293909] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 595.300856] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 595.307577] reason=80000021 qualification=0000000000000000 [ 595.314583] IDTVectoring: info=00000000 errcode=00000000 [ 595.320134] TSC Offset = 0xfffffebf0d6e48d1 [ 595.324442] EPT pointer = 0x00000001cb28901e 05:59:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="8c"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f00000001c0)={0x1, @raw_data="fbf6a006d0acef8c109283a6ad21f08d2eaaa4f239f05392e66d99c6e8295cd9004c5a8b0903156b764ab46bdae1daf4da29f0040b37639c8847888aee0bd07120d47da1d89240df194a8406407f5e6d6cfbf20526b2b359631fef8a65de0829d9f3789120ecd7501f898f69c7c8d97a59d06cbfc6116010695967ba136f14c5b01aab4c27d4a261f3c5d3f9e04e3de91a02e424b77f4a55aa6e498c456535e97edc4d4fe0fdd419a7ab42f59411d8b57a5679d8751b04e588b0c91dcf94f96a0d29452b092ebb4a"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f01c8f20f35ba2000b000ee0f2336360fc76df20f2054440f20c0663504000000440f22c064f3e10a660f3a63a63c6700baf80c66b8bd08428766efbafc0cb066ee", 0x42}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:59:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x4000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:58 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x7400) 05:59:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x101000, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000000)=0x20050, 0x4) bind$inet6(r2, &(0x7f00000003c0), 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@link_local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000080)) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000040)) unshare(0x40000600) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00') fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) geteuid() lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)) setsockopt(r2, 0x4, 0x3, &(0x7f0000000400)="2dbc8da272735a451686f493c778301fd8c4824e8797ad5c397f8f70ac0db0d90fa943a369d89bfeeca5723c4d07f9ccecc2be67926a6b9ed5d328cde6874303db7415e66128e1acead2fa560dc27cc7f2ad5b7259f99de9905d54bfcacb92b9a019f8ed3d70eaa49a6cb89a8eda3c2bde2c00df66844008cc5ddfeccd69c092f77bcb5aad750ec4da0379a644f94f0fad2cb6a8ccf7ec018ad8a16cad7c72b41c09dffe6d61bd68cbda8852790d", 0xae) setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000000380)={{}, {}, [], {}, [], {0x10, 0x7}, {0x20, 0x4}}, 0x24, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x682000, 0x0) [ 595.423573] *** Guest State *** [ 595.427464] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 595.444795] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 595.456300] CR3 = 0x0000000000000000 05:59:58 executing program 1: openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2000, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000240)=0x5) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002a40)={{{@in6=@mcast2, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000002980)=0xe8) r2 = syz_open_dev$sndpcmp(&(0x7f0000000280)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000300)=""/253) r3 = openat$cgroup_ro(r2, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000004c0), &(0x7f0000000500)=0xb) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000680)={0x0, 0xffff, 0x6, 0x3, 0x6, 0x9, 0x9, 0x10000, {0x0, @in={{0x2, 0x4e20, @remote}}, 0x0, 0x0, 0x2}}, &(0x7f0000000740)=0xb0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000029c0)) r4 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000100)={0x0, 0x10000000}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000480)=@proc={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000044c0), 0x0, &(0x7f00000029c0), 0x0, 0x100000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYBLOB="02dd7c0000000000"], 0xc) chdir(&(0x7f0000000180)='./file0\x00') ioctl$int_out(0xffffffffffffffff, 0x2, &(0x7f0000000000)) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) [ 595.490946] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 595.507263] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 595.515225] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 595.522268] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.530892] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x2000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 595.539108] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 595.548049] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.556401] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.564858] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 595.573261] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 595.581804] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 595.612548] IDTR: limit=0x00000000, base=0x0000000000000000 [ 595.617682] IPVS: ftp: loaded support on port[0] = 21 [ 595.691439] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 05:59:58 executing program 1: openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2000, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000240)=0x5) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002a40)={{{@in6=@mcast2, @in6=@loopback}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000002980)=0xe8) r2 = syz_open_dev$sndpcmp(&(0x7f0000000280)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000300)=""/253) r3 = openat$cgroup_ro(r2, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000004c0), &(0x7f0000000500)=0xb) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000680)={0x0, 0xffff, 0x6, 0x3, 0x6, 0x9, 0x9, 0x10000, {0x0, @in={{0x2, 0x4e20, @remote}}, 0x0, 0x0, 0x2}}, &(0x7f0000000740)=0xb0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000029c0)) r4 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000100)={0x0, 0x10000000}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000480)=@proc={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000044c0), 0x0, &(0x7f00000029c0), 0x0, 0x100000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000440)={'syz1'}, 0x1200e) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYBLOB="02dd7c0000000000"], 0xc) chdir(&(0x7f0000000180)='./file0\x00') ioctl$int_out(0xffffffffffffffff, 0x2, &(0x7f0000000000)) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) [ 595.736774] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 595.776683] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 595.806513] Interruptibility = 00000000 ActivityState = 00000000 [ 595.847195] *** Host State *** 05:59:58 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "7175657565310e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:58 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x6000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 05:59:58 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x1f000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 05:59:58 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000540)=@add_del={0x2, &(0x7f0000000480)='ip6tnl0\x00', 0x4}) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000040)=0xfffffffffffffff8) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r0, r0, &(0x7f00000a2000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f00000002c0)="66ba6100b808000080ef66ba400066b8f70066ef366abb0f070f060fc76fd00f215cb9800000c00f3235002000000f3066670f23d86764362e650fc71a", 0x3d}], 0x1, 0x78, &(0x7f0000000340)=[@cr4={0x1, 0x20000}, @cstype0={0x4, 0xb}], 0x2) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_int(r0, 0x29, 0x59, &(0x7f0000000200)=0x5, 0x4) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8910, &(0x7f00000005c0)=@buf={0x0, &(0x7f00000006c0)}) accept4$alg(r0, 0x0, 0x0, 0x80800) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1, 0x0, 0x0, 0x1000, &(0x7f000040e000/0x1000)=nil}) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'yam0\x00', {0x2, 0x4e20, @remote}}) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000380)=0x59b) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000100)={0x0, 0x5d, 0x0, 0x0, 0x9}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000580)) perf_event_open(&(0x7f0000000600)={0x3, 0x70, 0x8000, 0x7, 0xb63, 0x0, 0x0, 0x100, 0x4000, 0x0, 0x0, 0x7, 0x100, 0x0, 0x0, 0x0, 0xe394, 0x100000001, 0x0, 0x200, 0x0, 0x80000000, 0x7, 0x5, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xb07c, 0x0, 0x0, 0x16ab77ea, 0x2, 0x100, 0x0, 0x5, 0x0, @perf_config_ext={0x0, 0x6}, 0x0, 0x2, 0xfffffffffffffff9, 0x7, 0x0, 0x677}, 0x0, 0x0, r1, 0x1) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f00000003c0)={0x0, 0x4, 0x0, 'queue1\x00'}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000140)="360f303e0f01df6766c7442400090000006766c7442402020000006766c744240600000000670f011c240f20c06635200000000f22c0263356470f0764f30f2a342e260f0f970a008e0f08660f5808", 0x4f}], 0x1, 0x0, &(0x7f0000000200), 0x0) setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000280)={0x7f, @loopback, 0x4e20, 0x0, 'lblc\x00', 0x2, 0xd8, 0x4}, 0x2c) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000a40)='fou\x00') [ 595.890693] RIP = 0xffffffff8120427e RSP = 0xffff88017feaf390 [ 595.902628] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 595.909301] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 595.948023] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 595.954555] CR0=0000000080050033 CR3=00000001c4f88000 CR4=00000000001426f0 [ 595.962706] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 595.969590] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 595.976026] *** Control State *** [ 595.979780] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 596.012619] EntryControls=0000d1ff ExitControls=002fefff [ 596.040204] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 596.070480] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 596.097293] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 05:59:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 596.126710] reason=80000021 qualification=0000000000000000 [ 596.171064] IDTVectoring: info=00000000 errcode=00000000 05:59:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x4c00) [ 596.198527] TSC Offset = 0xfffffebed5f11d13 [ 596.203134] EPT pointer = 0x00000001be6d501e 05:59:59 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x10}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 596.360250] *** Guest State *** 05:59:59 executing program 1: r0 = socket$kcm(0xa, 0x922000000003, 0x11) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x40000, 0x0) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f00000002c0)=0x1) uselib(&(0x7f0000000240)='./file0\x00') openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) mlockall(0x4) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, 0x80010, r1, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/connector\x00') setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000001380)={0x0, 0x924}, 0x8) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) ioctl$EVIOCGABS20(r1, 0x80184560, &(0x7f0000000380)=""/4096) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_script(r2, &(0x7f0000000440)=ANY=[], 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000003800)=[{&(0x7f00000018c0)="f4001100002b2c25e994efd18498d66205baa68754a3000000000200000003000000000000ffffff8400000000000000c00195c1e2d4f32ebdbed8280238", 0x3e}], 0x1}, 0x0) write$P9_RSETATTR(r2, &(0x7f0000000200)={0x7, 0x1b, 0x1}, 0x7) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000340)={0x0, 0x9, 0x20}, 0xc) [ 596.384451] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 596.424569] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 596.451450] IPVS: ftp: loaded support on port[0] = 21 [ 596.470860] CR3 = 0x0000000000000000 [ 596.497046] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 596.520618] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 596.539784] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 596.547151] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.564947] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.600332] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 596.616579] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.628021] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.636401] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.646591] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 596.655028] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 596.663419] IDTR: limit=0x00000000, base=0x0000000000000000 [ 596.672055] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 596.680675] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 596.687370] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 596.695530] Interruptibility = 00000000 ActivityState = 00000000 [ 596.702475] *** Host State *** [ 596.705909] RIP = 0xffffffff8120427e RSP = 0xffff880184b57390 [ 596.712418] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 596.719062] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 596.727633] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 596.733724] CR0=0000000080050033 CR3=00000001c4f88000 CR4=00000000001426e0 [ 596.741264] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 596.749038] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 596.755317] *** Control State *** [ 596.759143] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 596.766058] EntryControls=0000d1ff ExitControls=002fefff [ 596.771881] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 596.778993] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 596.785880] VMExit: intr_info=00000000 errcode=00000000 ilen=00000002 [ 596.785888] reason=80000021 qualification=0000000000000000 [ 596.785895] IDTVectoring: info=00000000 errcode=00000000 [ 596.785902] TSC Offset = 0xfffffebe5c309547 [ 596.785911] EPT pointer = 0x00000001cbba401e 06:00:16 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x101000, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000000)=0x20050, 0x4) bind$inet6(r2, &(0x7f00000003c0), 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@link_local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000080)) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000040)) unshare(0x40000600) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00') fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) geteuid() lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)) setsockopt(r2, 0x4, 0x3, &(0x7f0000000400)="2dbc8da272735a451686f493c778301fd8c4824e8797ad5c397f8f70ac0db0d90fa943a369d89bfeeca5723c4d07f9ccecc2be67926a6b9ed5d328cde6874303db7415e66128e1acead2fa560dc27cc7f2ad5b7259f99de9905d54bfcacb92b9a019f8ed3d70eaa49a6cb89a8eda3c2bde2c00df66844008cc5ddfeccd69c092f77bcb5aad750ec4da0379a644f94f0fad2cb6a8ccf7ec018ad8a16cad7c72b41c09dffe6d61bd68cbda8852790d", 0xae) setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000000380)={{}, {}, [], {}, [], {0x10, 0x7}, {0x20, 0x4}}, 0x24, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x682000, 0x0) 06:00:16 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x4000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:16 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mouse(&(0x7f0000000440)='/dev/input/mouse#\x00', 0xd58, 0x0) setresuid(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/148, 0x94}], 0x1, 0x0) semget(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000091, 0x0) 06:00:16 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x1f00000000000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x4800) 06:00:16 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100fdfdffff00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:16 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8800000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:16 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6bd, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r1 = syz_open_dev$usb(&(0x7f0000000480)='/dev/bus/usb/00#/00#\x00', 0x9, 0x800) sendmsg$alg(r1, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000004c0)="9079cc39cafde3b3e5bc972b9eb20776f5e6983e706641a2b605a435a8e813920d36e8", 0x23}, {&(0x7f0000000500)="2509ebc6d9dff650cc11e863c6", 0xd}, {&(0x7f0000000540)="38e165448eb4e59a43182cf839109e35730ec3f75f8d277a71582b1ebb83fc71c66ac646ea0867f6a429a5e6b4914fa3dc3153c2104f8b208f8639d45481a522d2d0e470cc0fa4c288623c1b3c5b3893f6ea24f07e9630747204073185387ce2ca5461d0d614f13d88260a0642c46d96ff3f1ea53effb363a48b6b7f282d3d58a891ed1f0e1e9013bfb72a580e1f085cf7c8056b285c69", 0x97}, {&(0x7f0000000600)="1aa5542eee2d67f59f063cfb8cfc1db80cc862be1f519d5593920ad45e88285e500ae22f5883524734", 0x29}, {&(0x7f0000000640)="0733994bb771bd06d6844c1216c8d4996044d0cd8287b0ad78856dcc5e5ed8b88c68c938b85cfe4c031b6b6ac7fd7380be1eca6421cc3a07e5ebd53dbcc145ce330f61bfa6fa5eab10f59f18f587e210899b91f6fd3c655ef304bfa49deb80a61f54bbeb1689b42dea7537c703c48b3693b17c50230340509584110132a07881025284ed0c4c1b7e4e8b951138e6a20def9dfff5376eb148f554dd5c29c540a8e8ff1027f8c2537ca5163c517858d6bc4fc17ab4c72c411ff0843e7528998efd9b75c980ff9ee761e40b57f4a67c797cfc84054dad215bb798163497679dc78427c2f3d11b4149817fec165e5598f393fb023e062a3c3c8eb1352a1789638b2202b64cbaa1bba8310cc619f62afc89c4322993ca74328651dbb25d9370be0d689d0d9a8dd3067172c125eb5dce7e983a7b0c279c565f8c31c6e8b7a27a9dcdca6379ebe08ba3a591e05ca23e5c4043b45098bbf759e92d491dbdf04bea439ad42546bf2270ca75305bd6b7a46134161e5926cbb0d2afc724942b18eecca8fa331fa6448a870b6c6a5dba8efdc70b7f6ed1cf646d51d2dec116866cfb55c69a88a733b62bed717e507d6963a054885368225a583c46b44650ee6b81039763603eb3f3ea1f9a7cbd91c3cdb5913839e8191e2bfb0255541f8d83b7dc3c65728b1d3e84e74168ea7d944a8e015887e634f8f89ac7fb03a079c5634941772f2cace5d18329490c6c01a925b17549bdc8623f85a742b739cae8e589b5580616391b1ad8f1e1be2282528eadd37b62ff991a77973437b432283560a0281b8b630b7a243698c43364b91eac83633d4a3585712c538bd83cea6dd3fd1432a3d60cc4764ae8e9e4736816f003ce6ad00613bfdcfa19f51342aa2077eeb5c9a3160239eda287225f830dd0fbcb40ff95e0ec4028b952e90a6656c113515533f74bbf0cdab27e338e0a67af7defb7b59f628238d724233929b36853cf72553d0d008bd42f72bdde466ec5fae231c6263284c82399f3f02f440e22dacd5216d4cee831b0baea6ba318074f71d26d1919c91422087f7bbb3e7a1faf1a3273e828eb2a1ec88e1df709c2c0be571d1edca09bbacf05e8fba64b37f1754e8cf22e63279de24bc5feb44e274156212bcdf1e1a9fe8390b5179fdd3f8ee07e3aeaa4e26be300c71e423a8b0652f67ca9b44db6877023579f7527749eef70a147cfe2ad7bc7aec1a774e29f467af8939fdfc42d29cdd29689a8747cb458a5ee67cbb62bfd41c421287a07b383e7481c933914a02672959b7468aeaebfb6e39a01c2b4f7a2107db90b8c323ec99509fc52f4adf871548b02c12b4b3a2ae8f495f89bada7008aa51c0cfc6ae35c997ddd832b480de16f34a2f28899888e181d8d1e765cdf14ff2dc256b89a34b9cb198f452b0da4d295f4b01f8bb9d01069da2e32e9f485141fdbbc9026ae716968902e6bb0dc4bc83fb37231b1774f45087505a70b8a5da4331d30439bef916bd26e33df4fbfe4f45fd6ca65e429af517d9575aeae85cd1d0f710fadf39c861fa8795d128578a53bf3c934bf16dd028709f26f410dfe8e2eb69ccf3d70f951beab5c724a6d8057f7398f11002d1b24578044e07828941c344006eeb0619a553bd7dbf77d159e328dfddadf98bfae3e68b50f7e7c33612f2b8a7d0fc0ab0173e2236f01478425f241d796efe55e170b7ab403dcf9672650ce7d18024daa142fad93fee499c6057dae144a811725f27e2506baf5cc39f4ec23e4a922457aabf90c9ce819585e76f2bf0040557ca9a2a49b108d2ce09a5e05f091a2ce639ebf48da7818571de99f94e89757b2e1b45fd825d1bb60a0c0edea4c5414e3e5ee8fbdbe0a0258366e31bce26c56b72333cb339f8ead3b86f5248dcc260f91b5d18741b7a1ee68e3c8c84fe14017f08a693116a6cec2acd0fbad64d059bb5851b61f9fc34660108e1ead9a49febc85cbe3bc314234f9e96478d1a7f4d985550fb57b4366ada170ae6a093e1bb7d0bc054f3edae41b5515e121f70a158dc4f922d34bb4905e31b832c9e9e8a04fe21c85e7209f6353c5b7d02932a1b9ef983d63c8fd5d857247a2bcbe95501ea113a1abc226c888538265b04ff103bf723572fc1fd975656e224e2ee0d91a5eb97f1d8af3286aafef36eadb0d5618033dba4be1afe76b3aa40ddf218e93cf597c9364faaed8ea30cf0d10f3cb919f1e8db464af4b97bb72a3af3e8be9cecf5980f7076c7f771ed5dc9721cf934d46bc0f2fad70bd6885ffb81df267939af623c0d62e1d6fa198ab91cf2152d74edc6ebdfda81738db9b7e36fd2e5cad4776a384cced0ac90664a8384b071c187c51cd662e0020ba742703b167d838245dc607cba4ea3a3865cdc0fc23501f3437274d8cc77eafa1d65d825d79679b5ac732fddec2830fffd5d2be83cd73c63158179f3d1f1f8d7f39de4bc0c50f2451802adb4900996a7fec54deca53c0cb50dac990248fc4024517619f644aff7b4f817f019a52ce32ab5d412b74ec9f81900f05a5dbc93fc88b670a8e1ff07d6f01ff97f0992ca0a9f9ba621f3e81064748de614d727ee10e0ede867d2fb3a6d7f9493fb4690fcb89a1cabdc22c997b7780d5f2b302a23c81177883bbbef5f08045850c47fc65ab56126203968ce5fe8dc5988a87c58f3acddcb87c10c3e9ed0af16c3674c670de5c7711006d39979eef4a9793cab867b2dc9986c56faa9182754ed55ebe241d5134ecee14b6b1ededce5db129ec165d5abbc17a1c6eae650618e7831967657d51e7e1b87c2c450a4a6348be988cb937143a2f9f98181e935c9273cca1155bc2ea0349b07b1245a92988f6f97503609f104ee6c353027f3a012ad48ff68161e09514411ffc7cf57a2c217259970dc59374a17d60ee9f5c2d1f696a79b05587f84e27e82bca5d53d7c1a7a2a2b98789d69068a75740d467e13dc4dc98fc03611429a335d767d9009564f5c8fd08b2e9dc0bea63162f2be57bc85c519b34ab32202d30a9812873f2a9d0fdd65e884a0247475a3d7d9da8a36c078c2095f2071b2a89e9a5c6e94b1dd4dcb89c918bc4282a1f2af43383a41d782288bd1af014c2bfd33153b85ba106cc6015c294916eedd18d0f9c71edcdd3a354816854d5eac3457aca5d5a25ad3dcfb7de66c4f2d6640d948ac27d36b3297367f7aabe621c59a641dd409447d16426b0740ec59a07435be3a57870b42d791ee24de5bc0040a84ad949b3b3834f25d0593661fcdd8248df9037eb9ea25af65c1587e8a55675d049a27477501e726dd0f351c18218ed74a685ce60c6778a2363fc1227cc7d028822411054fc350a2827ac8e9fa529219326166fbb9676cb24ff10b37748fea204b80fb748a441a41884fc586c5740107572e8b997b41048647019d2fc6e4f2176a2f140159f9ddb2aaab34f6b82e26585fc3998c82b4418ffc4acd602db45f4d3f3b4c1f4b1f5b03e99f0a25dafcef3b7fe40eba9d7731a96f64da69bcfdc8dd39927a072a00779b2d230191af2db9b7afd125682d96ae9972bdaa84a9c38b847426a0b9bc3eb704ac862b18e3d891a840b83db640503f263e79cfe496c83be25958fcf948c26651a67ec3fff0fa8169d03069bc4cf2232b42be840b97b6342009ac672ef68cbe76440c05d45813110ade483d21310683c06c963671d629873af5fa9cf7edcd9bc344cecf20b9cd0dea2987028d3a8feb5442951811d96278a02293a588fb7136c465020830c0e55c33578598c1737449ed237ed67d11cacc708c499d1e46212631f2517bb75b5f5d8f8070a9898557404bc686f8fe768854479af9f6e6f2f0544ad63b975d30b8d2fd1dfde17d824ddda2b06f6423d925b0113e42eea6dd24a65c367f423052319ded51af4651e0f49aae6b95f50af0cf9f7c503e6b81d6c2488be73e47739d56060e3666d5e3f1e6809e96d5020cc7f524bd9583cd693c0a709bec3fd5e93dada718fb3a52c418159fa086ee95493d4f96b5c17cd63f5e97d60026c094f04ab52c850952489f0261bf55bcb376a1ca89d8ab6eec2c4665ae2cd62b63e712cb76adcce93052140330953da169ad1ae0cdd79287be224db57f723859e60b37dfb196f6a936025f731120ac95bd709286384250dd8ecd1dd35a9b16fc689afe9e90a206e8e92f9985bed35c61b383e88f3b87efa3a175f94cd609c2c69f60e351189196a8f1e5b05e6fb2943be1631bdd1ad91e7e09626bc19c9f55f275f62997ea2d073fc9dc69f7d1aaed5dc39f09154459080c65b0a04bbeb73559909cad292717ff4fe9caee46184244c6a4ae6527eca34549728611034cea6a2d910aecf9a72094a1a44e5ad07da3d000b6a982e6f68ae0bb75317cc49fb0ccd388803476f7073686f6e503c60d3148bdd1454ec3d64990bbaa0c04ddc9666bdbe7dc5a8a6c3229639c926ca694d45b4ffb487deb0768f715e6299ad679823bac7569ae156227a7c2f16a6f4fe8aac4f6ddf192ee13e19093106508dc219774a89b91d8a5973320a90aaffe14672af7bd22da611825dba80175e10d571182182b20d44db59d15a176b62eb079382a5c67dea14a55c9c8c43a4e8ae1219524179644123401395e30a406cad5d00b89b2d4d8e317f4645ab940cce8228b2e139d4ed98aea6872c3e988a5ff35f79c0a8dbc429f03258d6ea2f946c0cdee9a5328706df1df1e0ae9b1432af0085ed0ff9ad981b4e402b9b86ee7805b1b7f76d9ea5f42f6fbc484d3dc8001c712716f4e1c62c893710416735774f278bbc61e892886f544e2a4c9d47007819dfdeb5e57fd30ede4a45faf29c7bd2105de671730b09b25e4762b9220643178aa41a0661a192a31cea6fdac17f924a920b90715e8d1859bde4c580a98eae2ebaf676a9b7744281f4d5c628e42a20cc54115ac313d566b9445a5e7c5e2b4d85399e43dec4f3381d84bb50b8d3fad6f98f3e42ffb6084326316810becc061fa3cadfdf25231b9d516e6986c538a2bcf7124ae307b22861b6fc781b8967b339260666de16e8a8540c2b21a15f062678afe9f3c1c015ec12d2d35e02bc71417a4def72f2d912e9f09e389def9f72957baa586b1a4fe36f210cfbb5cce2fb0e828b3fa42fd2a6437bdfe5c1c301d9ce04240a212d1389497bcff65bca81c15b3414fe0ced408535fcd255a7cdf481f1df28d92914ad5b8759e4bcaee4b7043cb7bfb8be65c1af7317734a8cb7ca672dbd962e57ed16132fda1aa7635adf4e2aee019acf6c6386e96a2dada921291ab4494fee07d20d0f7533c0479c7c894b7b64eaf31f7ba709c8d41b40220bd40cd08ab01ee605dc027fba8fb7661273334f29eca0833cccab067622405f494ed8d53726f458a1f99c6da5566ff8c3faf7433266f7f39055b72dfb8f5d0efa7843e7cb9737dbd8f6386a5b6251077b73ba1d92da9af1874465dc6afce778bb9e48b4e663fc028b451b8c4e31c278b084827cd6e858b66cd3ea11bcb03e7afb128d8f1b500e6756100b7a30138e8c49ef3f715963176a9aeebb650da4c029b3a06cf0f0a120dcf593730d3cdcf047877b9095238e295f1624a709207532fcd9803df2b5bc7070b5d25f546847e206d50508302dda08566de1f7d95b6352b7a5c115c67a168d563055f50f58bf7bd8f6be701a2c622fcdbdb88de383110a8c976e25c64d7447da90eeb3127a3262a3dc2dda4fe7155439ed677d9423d6792640d4f2c69abbf830f59a59c45f330705e0f3dd8604f21c6b01596edfef992c3521a8241810877851b7a42a1de63feabb8a59a4916d04367aba", 0x1000}, {&(0x7f0000001640)="88e01da1bf4e6d90172119ddf03e4ca9039b65f73687a56858b042db27af61b8debc9a493ee8263e74e8323cbe1efb4cc7b828590463c6c7b621b7ec7e3fb960875c352feb4f16b7214257d82ab0dbcd37e003c2e625e1e73edf1313b6087c63ac7479dfe6fa100c407cfa43aefa93c815", 0x71}, {&(0x7f00000016c0)="dfd58fc07ef461a0425c16da344e08a608afd30c5438fb3669f72a73a852be1c39661d49da78227a97b68af2e2ae6749cc77b04f42068b447a1940e6c73fc0ef449babdd850532ad9b3f62cb85c5bf1a6d435b97e6166d414f019657afca3ad3058ffee1c7348a64947b84c4f10ddc282efaa726d6f2faef7811cfa19f3735a8be6c23890203a6f3f9c06cff382762f59097292e418beb3b56bc1ca4003f462f14f39e967cb8a556a99b44c2cc43fbaf450f5ddd8e4d08e3d5c31d060f4db55e43362b59a56bdcc391754cf6dc25c623d1484a915fedfd90e2b6aa14c2d863b0a2a56da892bc34de1c908d46ca1f58be612edac74a3ae29f58d294cb956e", 0xfe}, {&(0x7f00000017c0)="6977e6f599336616990b4f78549726116c65aa118c5cb8b14dd647eec2da529647202c6f6ca29625255c3718687c72bda6560eeafa54180d0ac4c7ced2f6eec45d0dd4de6b66a2682222605bf93c9a6f818e609af675e87ffb94cb1268cb941f757489", 0x63}], 0x8, &(0x7f00000018c0)=[@assoc={0x18, 0x117, 0x4, 0x7f}, @assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x81}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0xa0, 0x117, 0x2, 0x89, "05c0b7a705f452b2aac4cd17e43270fe4ade37e1acd2e7319bca3e236ae7104395c5d9a2d351407b7a66870407b9385275e89af00360a3f5d348dca2239561cfabb80a3d43a20c9f3b82d706684e3be11ebd9367bc933336c6e0517c75d9b7969568b72dcc2832f4e07a23ff103585caac99241c683990e22f178f46069733788d16094eba8b72882f"}, @op={0x18}], 0x130, 0x800}, 0x4000) sendto$inet(r0, &(0x7f0000762fff), 0xfc61, 0x0, &(0x7f000057bff0)={0x2, 0x4e24, @multicast1}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='sched\x00') ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x9bc) ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f00000000c0)) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x3, 0x20000) [ 614.032850] *** Guest State *** [ 614.042742] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 614.059244] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 614.090031] CR3 = 0x0000000000000000 [ 614.093767] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 614.099721] RFLAGS=0x00000006 DR7 = 0x0000000000000400 06:00:17 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000380)='/dev/vcs#\x00', 0x1, 0x101000) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000500)={0xddf5, 0x101, 0xfffffffffffffff7, 0x7dd, 0xb073, 0x3ff, 0x4, 0x3, 0x7c66a535, 0x0, 0x400, 0xd}) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x1b) r2 = creat(&(0x7f0000000300)='./file0\x00', 0x4) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000340)={0x0, 0x248b80000000001}) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000003c0)={0x0, 0x5, 0x9, 0x9, 0x4, 0x3, 0x3, 0x9, {0x0, @in6={{0xa, 0x4e23, 0x2, @local, 0x9}}, 0x6, 0x111, 0x7, 0x7f, 0x2}}, &(0x7f0000000480)=0xb0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000004c0)={r3, 0x7fffffff, 0x3, 0x40, 0x0, 0x8000}, 0x14) r4 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0xfffffffffffffff9, 0x80000) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e24, 0x4, @mcast1, 0x3}}}, &(0x7f0000000180)=0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f00000001c0)={r5, @in={{0x2, 0x4e23, @rand_addr=0x20}}, [0x30000000000000, 0x7ff, 0x4, 0x10001, 0x7ff, 0x3, 0x9, 0x7f, 0x200, 0x6, 0x8, 0xfff, 0x3, 0x4, 0x76f0]}, &(0x7f00000002c0)=0x100) 06:00:17 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x300000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 614.157431] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 614.178340] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 614.179219] IPVS: ftp: loaded support on port[0] = 21 06:00:17 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001100)={0x2, 0x4e23, @remote}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xfffffffffffffdf8) r1 = creat(&(0x7f0000000340)='./file0\x00', 0x80) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000380)) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{}, {{@in=@multicast2}, 0x0, @in=@remote}}, 0xe8) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) getsockopt$inet_tcp_int(r0, 0x6, 0x6, &(0x7f0000000000), &(0x7f0000000300)=0x4) sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) rt_sigtimedwait(&(0x7f00000000c0), 0x0, &(0x7f0000000180)={0x0, r3+10000000}, 0x8) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f0000000100)) ptrace(0x10, r4) ptrace$setregs(0x8, r4, 0x0, &(0x7f0000000500)) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff}, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0xa44, 0x4) ioctl$TIOCMSET(r1, 0x5418, &(0x7f00000003c0)=0xff) write(r0, &(0x7f00000002c0)="7eef91bb865d0b273ea535f34af249b9f12014967a783886", 0x18) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) write(r0, &(0x7f0000000200)="f7d7317b1dc5f950f52d23e0786e4d329fc089b931aa8588fdc4f1ecba84b963618d21b85d49eea46ccc2874c2ef4eacef893059ec57bd8f35fe8101dd54566b2660919f84b02e624b3e3212e9bc887eb2c9a0956607a67787ef6f515c85734777a04f08bf43240edf83dfec4913b49777a35a39b975c04e137a8432689f64306c5e", 0x82) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/158, 0x9e}], 0x1) dup2(r5, r0) [ 614.220522] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:17 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x3f000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 614.266509] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 614.311960] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 614.357510] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 614.387095] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 614.400189] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 614.414709] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 614.430724] IDTR: limit=0x00000000, base=0x0000000000000000 [ 614.438902] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 614.479925] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 614.486329] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 614.500102] Interruptibility = 00000000 ActivityState = 00000000 [ 614.506946] *** Host State *** [ 614.510690] RIP = 0xffffffff8120427e RSP = 0xffff880186abf390 [ 614.517080] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 614.524162] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 614.532699] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 614.538787] CR0=0000000080050033 CR3=00000001d1bd9000 CR4=00000000001426f0 [ 614.546364] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 614.553993] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 614.560793] *** Control State *** [ 614.564470] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 614.571671] EntryControls=0000d1ff ExitControls=002fefff [ 614.577391] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 614.585545] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 614.593792] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 614.600836] reason=80000021 qualification=0000000000000000 [ 614.607388] IDTVectoring: info=00000000 errcode=00000000 [ 614.613311] TSC Offset = 0xfffffeb4e17fd130 [ 614.617897] EPT pointer = 0x00000001cd2e101e 06:00:17 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x101000, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000000)=0x20050, 0x4) bind$inet6(r2, &(0x7f00000003c0), 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@link_local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, &(0x7f0000000080)) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f0000000040)) unshare(0x40000600) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00') fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)) geteuid() lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)) setsockopt(r2, 0x4, 0x3, &(0x7f0000000400)="2dbc8da272735a451686f493c778301fd8c4824e8797ad5c397f8f70ac0db0d90fa943a369d89bfeeca5723c4d07f9ccecc2be67926a6b9ed5d328cde6874303db7415e66128e1acead2fa560dc27cc7f2ad5b7259f99de9905d54bfcacb92b9a019f8ed3d70eaa49a6cb89a8eda3c2bde2c00df66844008cc5ddfeccd69c092f77bcb5aad750ec4da0379a644f94f0fad2cb6a8ccf7ec018ad8a16cad7c72b41c09dffe6d61bd68cbda8852790d", 0xae) setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000000380)={{}, {}, [], {}, [], {0x10, 0x7}, {0x20, 0x4}}, 0x24, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x682000, 0x0) 06:00:17 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x40000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:17 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x6) 06:00:17 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0xe000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:17 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00?\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 615.165582] *** Guest State *** [ 615.172859] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 615.183162] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 615.192223] CR3 = 0x0000000000000000 [ 615.198712] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 615.210910] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 615.219186] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 615.226067] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 615.234656] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 615.243535] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 615.251738] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:18 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x800000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 615.260360] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 615.268557] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 615.277038] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 615.285245] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 615.293466] IDTR: limit=0x00000000, base=0x0000000000000000 [ 615.301770] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:18 executing program 1: mq_timedreceive(0xffffffffffffffff, &(0x7f0000000080)=""/56, 0x38, 0x0, &(0x7f00000000c0)={0x0, 0x1c9c380}) mount(&(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='debugfs\x00', 0x10, &(0x7f0000000340)='usermime_type}nodevX\x00') fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000640)='trusted.overlay.upper\x00', &(0x7f00000008c0)=ANY=[@ANYBLOB="00fb15059c461dd65d3eec79ed4be29baec15182e642a0cf6900000000000000000095cf5d48083dcd4d26b579b5ff64e42a468b0e4a2ab15be85556bf5836902ebf"], 0x1, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) readv(0xffffffffffffffff, &(0x7f00000006c0), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f00000004c0)='/dev/amidi#\x00', 0x8001, 0x100) symlinkat(&(0x7f0000000800)='./file0\x00', r0, &(0x7f0000000700)='./file0\x00') r2 = socket$pppoe(0x18, 0x1, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000005c0)) move_pages(0x0, 0x20000048, &(0x7f0000000400)=[&(0x7f0000eb3000/0x3000)=nil, &(0x7f0000d5a000/0x4000)=nil, &(0x7f0000001000/0x1000)=nil], &(0x7f0000000200)=[0x25, 0x4, 0xfffffffffffffff7, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) setxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000003c0)=@v1={0x1000000, [{0x0, 0x5}]}, 0xc, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000780), 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(0xffffffffffffffff, &(0x7f0000005040)={0x8, 0x120, 0xfa00, {0x0, {0x8000000000000002, 0x0, "cd607774648fdd0dac844be4f9b1d329d91eae837252e6cb920290c9d73d52b8a9ace7b0a440006535651282191a94f337131e6dc38451052abe84bc051f67439e97fb440a8bff6403f2f3406092adb35f6e886c3f9c6b6bae7cd2d48962ef32bc10395b73756ebb707fd0355c3c7b8f5eb4e7d4fde4ff060016549fac4fe38ebc943587f7b235da3d393473bf05c0da85a20e9a0700020000000000787d02d8534ad32505203304000000e6b04fe57d00008001f100000093c0110da3e96f1f5f6bed28d74a9d9bc669ac2e3861cbed023c263c63e61b2acd5d7ef55a249ad7c04e29f191c9d6c8bb200c9e6c5540a9438cd0c475e8ce0000000000000800", 0x0, 0x4, 0x7, 0x0, 0x2000000000008000, 0xfffffffffffffff7}, r3}}, 0x128) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) fcntl$setstatus(r4, 0x4, 0x2000) sendto$inet(r4, &(0x7f0000000200), 0x242816bc5d37a7b6, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback, [0x2]}, 0x10) recvfrom(r4, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739fef, 0x120, 0x0, 0xa8f) r5 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x40, 0x0) connect(r2, &(0x7f0000000540)=@pppol2tpv3, 0x80) setxattr$trusted_overlay_redirect(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)='trusted.overlay.redirect\x00', &(0x7f0000000880)='./file0\x00', 0x8, 0x3) ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f0000000480)) openat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r5, 0xc0184900, &(0x7f0000000500)={0x10000009, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x811, r6, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600)='/dev/snapshot\x00', 0x101000, 0x0) pipe(&(0x7f0000000380)) [ 615.332386] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 615.345634] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 615.358924] IPVS: ftp: loaded support on port[0] = 21 [ 615.363452] Interruptibility = 00000000 ActivityState = 00000000 [ 615.399742] *** Host State *** [ 615.409750] RIP = 0xffffffff8120427e RSP = 0xffff88018803f390 [ 615.429503] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 615.456162] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 615.467947] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 615.493254] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 06:00:18 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x10000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 615.502857] CR0=0000000080050033 CR3=00000001d2316000 CR4=00000000001426f0 [ 615.553787] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 615.587214] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 615.595374] x86/PAT: syz-executor1:20545 map pfn RAM range req write-combining for [mem 0x163100000-0x163103fff], got write-back [ 615.611423] *** Control State *** [ 615.614932] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 615.639967] EntryControls=0000d1ff ExitControls=002fefff [ 615.646954] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:00:18 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffffffffffff0700}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 615.654320] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 615.661263] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 615.667934] reason=80000021 qualification=0000000000000000 [ 615.667943] IDTVectoring: info=00000000 errcode=00000000 [ 615.667951] TSC Offset = 0xfffffeb4454c31cd [ 615.667962] EPT pointer = 0x00000001bc73e01e 06:00:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x7a00000000000000) 06:00:18 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8040000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 615.848300] *** Guest State *** [ 615.858590] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 615.873199] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 615.901215] CR3 = 0x0000000000000000 [ 615.909352] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 615.932723] RFLAGS=0x00000002 DR7 = 0x0000000000000400 06:00:18 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x3f000000, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 615.967264] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 616.022213] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 616.066986] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 616.075771] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 616.083907] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 616.091937] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 616.100055] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 616.100069] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 616.100088] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 616.100101] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 616.100119] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 616.100130] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 616.100142] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 616.100152] Interruptibility = 00000000 ActivityState = 00000000 [ 616.100157] *** Host State *** [ 616.100169] RIP = 0xffffffff8120427e RSP = 0xffff8801c5e27390 [ 616.100192] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 616.100204] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 616.100216] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 616.100249] CR0=0000000080050033 CR3=00000001d86ff000 CR4=00000000001426e0 [ 616.100266] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 616.100278] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 616.100283] *** Control State *** [ 616.100291] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 616.100299] EntryControls=0000d1ff ExitControls=002fefff [ 616.100312] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 616.212630] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 616.274863] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 616.290993] x86/PAT: syz-executor1:20545 map pfn RAM range req write-combining for [mem 0x174300000-0x174303fff], got write-back [ 616.307346] reason=80000021 qualification=0000000000000000 [ 616.319581] IDTVectoring: info=00000000 errcode=00000000 [ 616.343115] TSC Offset = 0xfffffeb3e40c8665 [ 616.351427] EPT pointer = 0x00000001d949c01e [ 616.420613] *** Guest State *** [ 616.424154] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 616.450762] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 616.471255] CR3 = 0x0000000000000000 [ 616.478393] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 616.491428] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 616.504233] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 616.519960] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 616.536950] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 616.555234] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 616.572311] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 616.589266] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 616.605183] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:19 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:19 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000000000100"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:19 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x0, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}}}}, 0xa0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000640)='/dev/vsock\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000008c0)={{{@in6=@remote, @in=@multicast1}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000005c0)=0x13) readv(0xffffffffffffffff, &(0x7f00000f9000)=[{&(0x7f0000242000)=""/2560, 0xa00}], 0x1) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/176, 0xb0}], 0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300)=0xc, 0x4) keyctl$invalidate(0x15, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f00000006c0)=""/23) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x8000000000000020) r2 = syz_open_dev$dmmidi(&(0x7f0000000a80)='/dev/dmmidi#\x00', 0x8, 0x80000) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000280)={0x7d, 0x6}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() io_setup(0x5, &(0x7f0000000580)=0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000009c0)) io_destroy(r3) creat(&(0x7f0000000480)='./file0\x00', 0xcc) llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f00000007c0)=""/196, 0x2b7) get_mempolicy(&(0x7f0000000a00), &(0x7f0000000a40), 0x9, &(0x7f0000ffe000/0x2000)=nil, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @rand_addr}, &(0x7f0000000180)=0x10) 06:00:19 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0xfdfdffff00000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:19 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x4000, 0x0) getresuid(&(0x7f0000001e80)=0x0, &(0x7f0000001240), &(0x7f0000001280)) lstat(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getpid() stat(&(0x7f0000001c00)='./file0\x00', &(0x7f0000001c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r2, r6) stat(&(0x7f0000001cc0)='./file0\x00', &(0x7f0000001d00)={0x0, 0x0, 0x0, 0x0, 0x0}) r8 = getpid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000002200)={{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@local}}, &(0x7f0000002300)=0xe8) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000002340)=0x0) getresuid(&(0x7f0000002600), &(0x7f0000002640)=0x0, &(0x7f0000002680)) fstat(r0, &(0x7f00000026c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000002740)=0x0) getresuid(&(0x7f0000002780), &(0x7f00000027c0)=0x0, &(0x7f0000002800)) lstat(&(0x7f0000002840)='./file0\x00', &(0x7f0000002880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$netlink(r1, &(0x7f0000002a00)={&(0x7f0000000100)=@kern={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000002540)=[{&(0x7f0000000180)={0x1044, 0x1e, 0x22, 0x70bd2c, 0x25dfdbff, "", [@typed={0x8, 0x75, @fd=r0}, @typed={0xc, 0x73, @u64=0x57}, @generic="09cc04775744a45f0d4ad428a6cf4cc8c830bec9e2e2685e481737705f2346dd97ec9a6dfba51a0ad8820edc367648ee7a0443fae9bb4f522a22ccf10a87110cbee72f102192983638db7f68dd1d5e585fde9ddc98881d36acbdc794a2f044d8177f5143d601a21f680e72b5f2d49390cbcaa0597e6d69a7ba12b2bc35ba8459be5501b94d7eca9327e0c65fd6464a0ae798d9cf81f930f6d199e246af603f42724b54d28f41dc8822f69d3907cc289fc4774f2561d6d0a758e002e81cc191b6c3853ea3377224de96e0567422c9b8940c4a4ff940756e1d4c3123b188bc11241ea8aea6335edc8e2092aa780dc9a2b4f5e4c70080ec9d2e07bd9e84700508a5230dd88c43e43805fdf8abb7d97cb87351b3209d280a8ca97bea0e5f1c1474672de822f42de62d638ecdea22304a00a77a583bc4b22e814740e4cd4e5e10f25745e7d0063ca16dad45736a82c017929c04e243ddfc3b0a0d42476640e062f30c4e67525a6f24837aebd8a3cc2038d4cc439360273c6f95a8c1ba5a314b96b7a97cea9e126effb09fb81aaa9fc5d8b6aacf58459cd70d722dbbe3cd2d84ad2626da9e808ad8dc6dc2bc5b85841e7175d61249457cf8993423a926167656c14da8d4c92b215eed85fe16d040d82b3155f5663d4aabb776c649d99b1ee04e430bac529849786ac2fc96d620a47461b490b6c6b3c8ec3ffb1fa72586bb98430eea35dc9ac42de559d9bd962f9bd11bc58aa8946f99604abaa91099794baff189b4992f412a3cb0b4b53e5df56bf5dbd523c783d478db6e5e317851526ad93953ce7d95ac0889fb0380e8e3e72b6140bcd343d1eba5757993f61af570383930ab949b6908599a22a19a175716700d102c2bbc3d0d31343dd883cb91224802ef67156bb8de005bcc567a6e2bcf9790a8938432adbfe587cebe52dbc1840bb427d7e57592fe69662f7044aa093a4bab4be2068604787b1813f6131a8084f0277563498c55638c1b7d9ab99c321bdc084be95118737523a98fc7954011c98d7693b08a134a68f7982a810aed29a0faf526994df2452b68ca729ab8cd2fb86653d4a1f602021a85582e1b84419dc2bfc2646badafad2cc02604b501319d9917b793ac7b4e2dd313d0d36e9940f0f0ed6d79a91dc1e37e3a6ab11ed1016f80a6f4b1edf9426f317aab394aec520bfbca77a2dc07c4615dad8876983288a5816c9c674861f750aa78e85ab298f312a12811b6e91ee54f89a682a5ae4a150265768c21849458a55f015f1b6a3b11987b45794df00e90c4f4a3b3894d9ebb52f91df5a19aebca197dc621293b6b974e2b07ccccb973e957d5dc66a1397d86f2707b2c0e3eef55ee57d2eb3d9770fef224501160492f8d1fb68bc98a13437a568c4d279e0392ce03118891a93f664e5abb69524e4a5a5a6c8f04cfa69cafc5d1f7cd7fa34cbf2791c5b641a7df5d7428b53d85c54977084b47967df2623f2d68b4381684b1148178d84e1e1489b41802de7243e9e9a1e28b787eca4799b773db0fd03cb184566f5a2df7a52dadb5a82214f508a942a3c0f5381eb9a759f111d8c6940e868c12e45f268a92e24f55c9b841538761f2f1f667ea0bc2a204c2316c5e51199b6a824d2679c656375aeda80b6e5b5161454c172d1d3b70bd4ce38c6303547ecc1b6ea43ccd7d9fb70a3681a27e5b5db174ddbdb5bef33fb51f566008866438776055dcf1b16ffe073b51d59d627e8b583afa2c631f8c10c3c06202203a27407875b4e86c1f12572004816f4aed1df5bb23353f8de999564ffb1b27d36570902a33c0ec59d5f6343fea47b9001ca31962a9d2c4a00cdec938bbf9def919dcb2e80ed6cd6cd8631418acff724945bc83ffd5ca87f79c81dde5a9c9c5e18f5406f374fdec4a8311a84b5187e113d505f6d5ff779b9bc3f86940e57be5618868c9aa9f45a6da7b904cd52c9b8fd49889f879333bbf111f4c8e48e380f363cff8e634dc401ec97abade313c44b3225acccac3b82b66cc61e47774095c5c29b2620d3f5b87bb48a7c975baaa9eee882e7bf75ad4dfd001e955f437e993dc030e1ac2a6136c2e682ea74ef24d13690130981a219645a466973414ad5251533a13ef9f10ed939f8c657fa77affd2fb7d66b47431870679dc0fd39ca5bebfd36867e3be8fa7ed4fbd540ac292bb936953da323c4a9d1d18c2363b976dbc7139297b48b15751ffc01b73f71b60a8b9ec02492a3dfb189bf583f7a1ed275b2656fe976d5b8692a4ce987f2e2a1d4cf823814ae2a2514ecf697c4f53b745fb1758d8e155a843942608605104a0499e59a39a9e0d2d1321a891ee70f983ae155a04430cae0daa8eb5b4975f3e6017fcfb82d1d513e2d0d5bfcc9748440277e8af1fc3f2967d4e19288693c407112529b17e711ebb0c4fe31b7df3666170ceacbc77b51d3c01836cb93ff68b7c38438db24b1d57957bb59709d31873f04952b47f7fc7524a3385a4e46c1d2cee6c6f9afa5dc1966550e45c04c0bdc7d53df45e8c35fed2e481909f2c424659ae8aa6db406252c4c594336d64a30eb094bfe2e81b9befb812aa9c9f7a0fca323542d3be910e9ba706a1ec527d62e0a783bbdcc3aada272a8aa3b3b0000815954fc1f2a9ca71441c8c297fbcd132b732d57d263874cb89f1db0cd6113b283e728392a28cb417757bfab7521658c7143e1b3d5b437c53bd7751f63beaee15695185112fae87a3490090ade37415ad51193d230ae1c2dd1125dc0756cdc2094fa8f19053ffcac2f5c9e96b7cc6b5c3498c2d47f6a10f1307d9e865ac9589f6f884b3379d6a3c900f3e15b635bf2cca5e421ac41cc380161b153ec958f5b6d34dd35121859768a1d9931d0eecb10bb1cd01a46275cbf7230f24a4a4ac6c174d67863c90e7934c15647aca3f5570702d2c9c4ee6733ab844706c866ba89f9bccd1b5fe860df5521dcc88d23440e143e0a7fe47e2942512cc228b47178e7ff209c75f4ffebaaebf2840db9ebb2bb929dc17e831f480b27d33d827da1cd06c0c8e86c2f56739b9a1c7a5bc2d25aaf429fe5f7a0af14f13c5de92be2d520851d7743a0c5a7be5142f7f9ce7b44d0ed7df720d0b3eac6d5604863bb65b17408743ae2c7f435a7002054327f4c82d5525363e59a260368b6a57a2a34a722dffa3ce15154e2c77e55044a9b21406fc8654267767f107624cf76e7f9dbe4cbf44eb74c3299ca331c1174651eb2ef80e9f17c14d1b92d5c90a34b72c9470116c2714379f75d412ca8c274a6841cb30f387c8e90bb4c9f70b3da30a0132a07b4eac0eaf66b9a8d491742685d59b06e83b03b272b43fc1ff513b8c75197016bb58d8254e600c956bb67d8e82d36387db2c73933fafd19d9c435c46e4befb255c2e5b57fb7036c673d8d0c114cff79ebc0e8935101b3f1a82d7505554917fb866c9c42403f43094bcdeb0e1216186995f19a486b4b71bbdc7373f90ee57a9278b67fe0fe0f5075ccd315537c749a2c7e0dbd411bafae001fd6993e4cd8f3402009f3e914e75b1dd3502c34082cc1e9d01c444586ae354308b87ba62a30220030b42e6756a90c8ec023710d39bb87f2d6c30345998c5dc67c0ad1383f55877c7354edb622111f60c2229c8d4f6acf57edb8d32dcd8802ba31c096b9b3a51412a30dc8911bee1906700947579341a404756b00dd8d90da9d36df055f43ca1ebd9d04031b985c08791e385e8a42d4fad8e24a709e3d61c62b0f8e08274b292f7072c88998be0a7360e2d84d6a85b4838c564b29fcb85280c84ade7128806843b7e0a64ad2401e1d03ea18fcda372201952eca7ab0704aaf277765103c2ae44ecceb0ee9897907c176bbb82e6feb92e3248e2b62027ebf8de39514ee3d26ba0707de4b047e0a040bcd569362335ab734b6128ab93688fadefbcce8515881f148b4bef0a161bcca4f0aeac719be9e140e9d5511a1ac6e8779c07986f8d1559d66fdb44acb87707c44520c230b018c71c4c3ff48b7311a07ab35643ae9420779af767acdb3101f2edce571a0159b045ed664826b731af8825d298c94c8ce4f9d1d88d079a9b829c03aa4c052e089b4628d0e3e87057f207a0535c5aedba9fd0c2bfbefa4cbc40824cf0747a8408ccddf45d28fbb451829795712d196b28e0aa8de9b31311c14e313ed0e115210d985ea18b23ba0d1620d841a3d090dc1b43bce337d5aac5ccf96811405e2ef4e0869611ccc8fb2482d8476119b4ae17c8cabcb4548f773d0e1c9821bf51112110f7a1633f2d8b6de558fbe05b3eacba8b77c72b2bb22beccf975cc041ac9a7f6637eaa6aeea659490cbd3e862b7e6eb018a408b67753c4f29fabbefd46938eea7555efc9e4fb618bd7271e7c6428a55157ea8fb1f4dde331dc2865258e85906ef16ed9537f92cf0339be5461e5aded463fdb265f0718b0c2c9c405112d5cfd920279c79fe44bd3bf43448796a6bfa18b2fdf4bef00631c3d27903fdad758623c2b14cc6409a4c2c2995c1adf00d7de51f421d1e1e8e0584c5106427fc71c28fe45cfbead53f6421ea9a5cdb123ed26b164a39497b5b63ecc79ce160d38655788049926a715b7db4a9a215cac1383eb16992198e19f85194b063807d6f473884c02413f57ab94116099344a4a66c3824aa167cdde249913992e739cc1ffccd7a5dfe98e17d1859d7f4d4414f38b8fd9e42157bd7745fd9fe2c2047ea531e39cce9bbb973d34a2c5d7714f39a2925b81cc113f6cf7982fffef95eb32ebc2f79ad8bc0f1f35d47f9729bac6f760e276d6e8f0e2b78e12704430b0040d5f5cacb79be453d9c3b428ba6d21414dc59aa455def7afe0c5443f075b3fbf88d9a2c9baa31791a41fde591a5d573f4b754f0241a44394b442eec767d2e1b8290050a0fd795642f8367444536344e3637bfc5be4e74de2dd378dcda00a3869d0728186dda075d73092d63ccbbdece3d34bd2e740f18510b51296ca839f52bef063f3cbc467d468777b614ada21647f8f1ab89b260656ab2fca88eca03653bd21586bc8e46bc08b808019c57a8596b29dd9dafd9e9bd1ae2cfb628dd25d15de582ad66adde25d92747a06f845bd67382619f01360296a6700d034a883a7a0f36b2eb3a47c814637635fc05f0e556f53f0e6c69ea052552ec1da58934c809f86db122a8a6d4a679b4da6346bc940edfe8a28ddcb5cd04ffd0a5117891b4a18e04e8469299edb34e769c5b0b5caee825e3bed02481b029d9753a8edc18af675cc54ca0adf6133031ce833d5adca9181362a1eae3df73d448ca20f5f25172d274a0480c8f9fde7611572c183518ce34ec00077222311fd8fb1b630f5f279e34e2cbeaa9435136c165174cec7599d1cfb6d9df14bd22dc899b65a606bb9972b27a6ff4636e1997bd6055883c0dafb49dc116e5535827a491f652336465881e453accfc64f2285a334f85542b34dc86c7e727a7baec1716713e674040f10434be57f1f1a8d786f627aa9beac6456191cebfb4dd1e245ef2df9140587e8e3e82cc90c25e0b3ae44703bd336935fe60299d4b47a56a2047e9e9215129393c44e8b555ca3bc0c7a89f88bd73a4ef3dd608c994282d0efeae5a00a91def1e5b0a560d9b53a0ee4ad20d711acdd281874fb45cd7d2d4730e1b85225caab0aa419de8aa59e9586bb55d9db812e4066280992387e650f9f352ed8f58741dac6f08abcbca2d7a9a330ecd6399f33c1948a104fc12289a20dbce5e96700ca9453962f3c7ed5147dee92394b841b91fcceb4bf2cdc0e8b22fba21bc8d76ea34cd64160e533b3ac83e", @typed={0xc, 0x65, @u64=0x9}, @typed={0x14, 0x94, @ipv6}]}, 0x1044}, {&(0x7f0000001380)={0x460, 0x13, 0x1, 0x70bd2a, 0x25dfdbfd, "", [@typed={0xc, 0x38, @u64=0x10001}, @generic="d53698eef66e5f0de424a162e58cea911324318682cdf50b17fe6cc21069f198bd981b5c37b6693df7ca3f46f8ca76ee777850180046146856c7c3bd77de19f50e40614b4caabf0ad84ff75f5d38735bb65058acc988f57d19e3c2ffd6360df667d6acc792fc77342183619d89b7f57ef4353ab28ccf968c8c3fa0ddcf1078b8ccb793f0aeeb4abfb5bff63d0e2dcbf561506c59d8753acdd1e18fc73e8fe7a0160c0bdb50f331c2c99669000cda14bf3cbdc5426131bebe5900339ecd164c037de5423f3b423a612fe00c2a1d6810debfcf554ab86c18cd7c0fc4a5c38b8e2459a53d888c9602240653bd31c19ebcdaef604795eb", @nested={0x10, 0x4c, [@typed={0x8, 0x72, @ipv4=@broadcast}, @typed={0x4, 0x6b}]}, @typed={0x8, 0x28, @fd=r0}, @generic="ad2987e2232d6fab2951aae39cf257724d295f41c4edf1e9", @typed={0x8, 0x4f, @uid=r2}, @nested={0x314, 0x6c, [@typed={0xc, 0x1a, @u64=0x8772}, @generic="e350ff704a3b4f8c0291cebd3fddc10b1e102da73354fcfecedab9dd953be73f49fabf2fd3c222c52f444eda9491c230110ae1af534415ac442cace849e95703eb71ef3a293efeb665c4a95fe71f674e7be4123d95586045ab925a2410ace959a7bb798655af49b070b9d675492e9279ff6636b0b1e3bce17ee5d948e62b127fd04f09c4f11720928fcf6a7f25b9be9577518e8908ccbc2130471a65cdc72169e08185c6fa607b8120502184e9c6ef530012cc632ec8e5e1fe41441cab5576ea969295fa8b8c3f4ba306150d", @generic="8a676248a79878b76e0ebbeaa4bb7ab04fcb90275b210416d5e8e4077611a3e3433eee40c533decb80035f6cb89a1f8f8238417e598096ed657071ea7a0a1331c5dd4d42982ee356acc4b8fb0bb4091c0703e9861c1eaba514ff14ee22345dfea5b62814b43e14236d11d90458b3e489228e497e3c65a49dc276cc2129022cab57da227fe5a100eac649613cde806a8004d833da9131cb9312d17b29e7b0504cc628b83331520d423a5e5c04952a0825cf872d312c12025015", @typed={0x8, 0x4f, @fd=r0}, @generic="fe23fce382002d49bc22bea151664ec6c691fe826106d9bfcdfbbf37f7ce8844dfa2bbbc628b82b3cad219716822ab22fd1e309a6b5a1199bb191cad2121b95330c9c7d83909391352d2eb4c061f2296f8bf4d5ab967f539af6ffd062d73798367ea9eb86e0d9a37639ff59009ece843275a9e3af632beeed976816a72f99dc71a8206139af9cc9d3782dcef2ff82635203ac9faee183cd0a1fb05eae67a426c27f2b5e1dc7926e97c0353a38785bce7cf21157bbc8ffe47d3363eb655b7f0f8449141b7e4bf37ee05f98fa8da92ca20f18dec58171e7bbb4276", @typed={0x10, 0x3f, @str='+md5sum{\x00'}, @generic="7eac369927ed3937da69dc857027af944265dc699071cca54bad9a60e7d9b588c08ce1e84cb00b9ea3b48efba7260b3d91dd851785a826a27bb07d23378d8f137593d8d4b14543d280a719d48fdfde9d1573b3413cab3ae96bb6e612d174c3589643b82ef2d1e7493cda8f27ef5219ef9575", @typed={0x8, 0x72, @fd=r0}, @typed={0x8, 0x41, @uid=r3}, @typed={0x8, 0x2d, @ipv4=@multicast2}]}]}, 0x460}, {&(0x7f0000001800)={0x3e0, 0x2a, 0x20, 0x70bd25, 0x25dfdbfe, "", [@generic="9c4782fdda99e8528ac9cdbf4241e44cb89bb34f2574e7752a1dd7566f8034ae3887e6aa01b3a15ec94a1fcbd7ddea72c0ad779d51a55323d284d74979889b21f9b9", @generic="75dbad8d1c203d46bed59b251b17e2e44c8205e97db00fc78158a541290eea2561638fde963bc8a6c7cb933c60d29ffee9fd6a6153cdb4e3d27d45c0c73a39dcb9bbc43667d26f4f5aafe2d0307ac7ed6f792803dcd715cbffb2d32bd7dff59891351acd09f685f94aa260c010f470a6db977001eb1590899ba22955ed81519c519c4ede03b81a4f474d14374d7cbaa56d7a5ca6c1324128072a088f17ce5aa3c4398fac982d81722f35b9bfb5f3ce3e5e1562bb4bb4420df05d596c895d3be902ecdacc83267ef7f3", @generic="043120b649a7828aee68c24f4b2dcc90e0f6518a1ba6a663049458c0e17ad176520aecbe9cac6dfc01cdfbba06d510a8e0e8409740be8ff4747fdd346003de8d21ac4024a5ef0297092074e0cd449182f53d2c5da0db814dbdb4efc51d38499e86bb4fa10a219a7de48fcb70805a95b32dedbef716087825a4c96cc9e8ad8b2bee919b2667127ae6cef768303642b6d64503ed459aa5134ff0160eef34db374453877437fe6d9faa3fd59cd1a7e402489ac67c3132bc7fbcb2f6b4333e2a9dd07cf9bfe379", @generic="872a5b9500c5714bc4dc8f2f38454e0eec0505c1cf21fe976ef56c7017777bcc57d316ec2815478a34784c64811744548d33fe7ee8808548bfa24dd05e222298269b76fe82e77763c4ec3c0f903c9ee3b1a508c9acb8477dbae94f31092e84bac8c8a16cc04efefb7cb82ff9e643a54e53c3b83af1dc65af966f31c57cd392467465467345a29f26101e86d90cf879cc64c862b6c51afd2c354562a14516069f24132470facc70d08531bd024268eae59caf66a85bf31a422acb3f644b3adafcfced43f5650aa644b6325a1101159f96070b3e27", @typed={0x48, 0x63, @str="766d6e6574306e6f646576776c616e3170726f632d7d47504c2826267b626465769e6d696d655f7479706547504c2f6d643573756d21736563757269747970726f6300"}, @nested={0xe4, 0x1b, [@generic="608f89d6587ea41e27fcf1192f6a1ebc9a2012d672ca113f9f6dad01265141ebbd4c961ec4e07f92aa8aede35f16f2cd10f4b5475f4c148d136b98da1ce7493ad0a1790eb3ef4af78e0e48fff00395d1a9984b49ee0dd15934b1579f156cf35c397dcf68a35831d5cf818f8268342618ade392abdd2287cf7d48eb790a337cd405eacb42c3da71ef59afaf64ecb2986a6d7d6c9cfa2a6b637f22da2e4e7cda22a3f84498c7f1f656000003aca9b67bec0c6c97545d0f1a84871449ed4c45efc5fbc79179a41ca2dfb6f6350b", @typed={0x14, 0x8c, @ipv6=@local}]}]}, 0x3e0}, {&(0x7f0000002a40)=ANY=[@ANYBLOB="500400001300000025bd7000fedbdf25080090000900000014004900fe800000000000000000000000000017701ffbd550e47cadcb251f51fac4bee2526c89f4b87621818950acd6ec83bee2e3a16faecbf0d9fbcf651bb49d31f24cb654b884a48be66532f0fe3663e6e904422c3caf78a5539d8c230214ba291d9408915aa2b756d4f0c6b1e3f2df20f5332d909540650c1f72330d3df0c4662b0f65c671b8d9abcca642d2d5e99454e8c7bf7c0a6ad69d54feb8af6bd35c49e31b326a5b30df52b421a3b4c24e6746986ba8e677d063f87acf11721931b12769c38aa271bcca9e1ae81160695fbfc83862fed5d9a4211fe11ba8e12b59d3f1d9741908006f000100000038015c00080057003f00000008006100", @ANYRES32=r4, @ANYBLOB="180068002f6465762f76346c2d7375626465762300000000aae46103ed024f3733ffa6037eaf23ed08420193f6843d287fca621bd01860a9706c6e572c3904e0d1361f28407dc9c41ae3b52ad5d16a280fbc5fc5ecbc4283e64a64ab6abf8308aadf9c35cc00905e1ad0fa0f6458fa42079ca13e763fba13ac2240ca53ef7f8826db4de479ae8a5b7a5485237285e98e8c0da68a0e629cb60a7398791e9c44024e80146ba793d22804c390e237f2ca8d9710fccc36ae3bc3dabc4751f37ae204378ac61543d246e61172ee04b517241c8e346f498b0afc3d6fc53254d183cdcd404b98d7408dd49e847c0f605744982099d283e3db65a2735b6251b8e000d366a8d55f040063004aca5aa129dbbdc0b86b25e93f7405d4837c9cb447c5dbbfd0aaaf0000b40139000800320007000000065c42d01214dc7246d3c23cffd3271d26b0b66f216fb155c587bd30a458bd2d617fbc9a4827178ba928fcda60f3af53fce70f897030e6e14befde8924fc59235c835aee30a34ebee4a3da787ed7c664df13fff81109d7b7d98cc2708c7412a4c9f3b9ec3ecdbc296804623a3d893c9b6483a67be6b628b87b7189f01dc16adbcc591b22537065aef041284f2d4153380d58c94b99d15c5af7f178c8c33253ca7847da9bcfa8d03c7d3913a7e2bb5bc03efab45c621478e84ce2e739c97b470e89ea2cc64a32b011467fda86860d87605f4d7f51b31ccc04dffb00bfe3832c58770280dee09a87cdca6aced9c55cf0b5cdd7024d6e75cb18fb8fb6c292956b4cc1d3b65c4749a36fd3fbbae349ddd545618dab6656fb1dfce061fb3072ec89d9e974e29c4c07df0a4da9d745e1bf884b774fbea8ce00580f179c5b3ee8a27ff56d0e611551f9593d5d0293c8f1b21a69a82f901bc303b8fca08b7fc2c92acde274ffc696ec885d49b6968b13576556fe50c5d447a097073e1a9ab5357db5e03eb16ac01812c7665d7c7d87ef99e67542f0eed5cb8f0dc9dbcbaeb261deecbd08009300690d661201a9d3842c15e0b7d93a131c89a158a7dfa48521ea3af65bee0f22f5e347188add244c58f59f7776a70aa41b22f0f411ede666969c5af4809ea66b293abf780ff65a3ba98ce5740524d1fa806c13c09573dbca5abe50c6941e71cda3c5b4b298859c1fe5a51bbeb1180a06bf2a171d67ab986ce00141ef87d2f7adb1a78aa82d18cde3b38cef90d787983f51ff9fc1faea8e73d653dfc7204e3a4be0516a9489f4530d9d0d3d2b4610c9d513c2ad617bbd4f9ccb000000000000000000000000000000", @ANYRES32=r5, @ANYBLOB="007f4f758d84c4028b969455df067f5ddfb37078b70ae845317db9c415b549d046efca58546e71d23c8407cb40e893136b494aee7f69c83d35d4b06468550e1602a51952308f394ae762b01ab16d08008c00", @ANYRES32=r7, @ANYBLOB='\b\x00&\x00', @ANYRES32=r8, @ANYBLOB='\x00\x00'], 0x450}, {&(0x7f0000002380)=ANY=[@ANYBLOB="b80100003400000827bd7000fddbdf2508002a00", @ANYRES32=r9, @ANYBLOB="08008600", @ANYRES32=r10, @ANYBLOB="90013100b40029009f8d6e89f9edd122018bb6911782c5beeee5c620fc599ea136c4bf80d801e2ddc98ac301d492b0430de59040abc2b25aeff695d79377a8752577e9ca987c5c67c021779555d6ed398b098b11f1086a7d724dbc0d5a77084dfd75da538463036785ee1f7305f7712073301e9062c63b1ed655632538da0bdc2e7c9eb8f8b1a3d8047d80a0e58e22bde56075136f8aeea64a772902fe50ef8118781e03e3201abe073753e4d041c9a589201f32d70e000008000200ff0f0000c5df7c8d93b6c0362b74318d6c710bdacbb7a5862e951dfa6003182e9c7d009223abe2a063b6db8b67f41726f6a8b36f4827848856594d75bfb74216f6af22bbc483f41bd6d38ca59b2ec44e5df70636eb04bd47a2bcd17b10a253ec566b673ee453d58111ab97fb7321c214a1f295f73332f291ef55b3fc0a851cbf6d8cdc28d26a949e296331d26f2e8055ac54f32f1d713c699d778440c92426c727851f5db1fe27ce7289d0b45af158db73fce9ddc7df0e48d0867ee94efccd43c3a428dcf50f4e0b3d730db2544ca88de592f7930800100004003e00"], 0x1b8}], 0x5, &(0x7f0000002900)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="00010000000100000000000000000000", @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="20000000000000000100000002000000", @ANYRES32=r13, @ANYRES32=r14, @ANYRES32=r15, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0], 0xc8, 0x1}, 0x4000000) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000001d80)={0x5, @pix_mp={0x3f, 0x2800000, 0x30314247, 0xf, 0x6, [{0xa7, 0x5db}, {0x8, 0x9}, {0x3, 0xffffffffffff0000}, {0x1, 0x9}, {0xfff, 0x9}, {0x5, 0x8}, {0x2, 0x6}, {0xfffffffffffffff9, 0xaf}], 0x39a, 0x7be, 0x3, 0x0, 0x3}}) r16 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r16, 0x80845663, &(0x7f0000000080)={0x0, 0x0, 0x0, [], &(0x7f0000000000)={0x0, 0x0, [], @p_u8=&(0x7f0000000140)}}) [ 616.669681] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 616.680275] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 06:00:19 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000000280)=""/94, 0x35b}], 0x1, 0x0) pipe2(&(0x7f0000000000), 0x80000) epoll_create1(0x10080000) pipe2(&(0x7f0000000080), 0x4000) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp6\x00') preadv(r0, &(0x7f0000000480), 0x1000000000000052, 0x0) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x101000) [ 616.727306] IDTR: limit=0x00000000, base=0x0000000000000000 [ 616.756529] Unknown ioctl -2143271643 [ 616.758333] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:19 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x6}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 616.799562] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 616.809364] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 616.826136] Interruptibility = 00000000 ActivityState = 00000000 [ 616.837383] *** Host State *** [ 616.868509] RIP = 0xffffffff8120427e RSP = 0xffff8801834ef390 [ 616.902902] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 616.949598] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 616.975276] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 616.995793] Unknown ioctl 1074275332 [ 616.996120] CR0=0000000080050033 CR3=00000001d86ff000 CR4=00000000001426e0 [ 617.033896] Unknown ioctl -2143271643 [ 617.039391] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 06:00:19 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x100000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 617.063141] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 617.111468] *** Control State *** [ 617.127828] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 617.150242] EntryControls=0000d1ff ExitControls=002fefff [ 617.160375] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 617.181512] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 617.201514] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 617.222903] reason=80000021 qualification=0000000000000000 06:00:20 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x10000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 617.278875] IDTVectoring: info=00000000 errcode=00000000 [ 617.306631] TSC Offset = 0xfffffeb3e40c8665 [ 617.333896] EPT pointer = 0x00000001d949c01e [ 617.371674] Unknown ioctl 1074275332 06:00:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x1000000000000000) 06:00:20 executing program 2: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000004c0)}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f0000000700)={0x16, 0x98, 0xfa00, {&(0x7f0000000340), 0x0, 0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x0, 0x0, {"6d3a03a22ad13804238c25806cdd75ac"}}}}, 0xa0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000640)='/dev/vsock\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000008c0)={{{@in6=@remote, @in=@multicast1}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000005c0)=0x13) readv(0xffffffffffffffff, &(0x7f00000f9000)=[{&(0x7f0000242000)=""/2560, 0xa00}], 0x1) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/176, 0xb0}], 0x1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000300)=0xc, 0x4) keyctl$invalidate(0x15, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f00000006c0)=""/23) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000600)='/dev/qat_adf_ctl\x00', 0x600001, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) mkdir(&(0x7f00000001c0)='./file0\x00', 0x8000000000000020) r2 = syz_open_dev$dmmidi(&(0x7f0000000a80)='/dev/dmmidi#\x00', 0x8, 0x80000) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000280)={0x7d, 0x6}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) getpid() io_setup(0x5, &(0x7f0000000580)=0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000009c0)) io_destroy(r3) creat(&(0x7f0000000480)='./file0\x00', 0xcc) llistxattr(&(0x7f0000000240)='./file0\x00', &(0x7f00000007c0)=""/196, 0x2b7) get_mempolicy(&(0x7f0000000a00), &(0x7f0000000a40), 0x9, &(0x7f0000ffe000/0x2000)=nil, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @rand_addr}, &(0x7f0000000180)=0x10) 06:00:20 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000000001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:20 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x804}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:20 executing program 1: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x8000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 617.618819] Unknown ioctl -2143271643 06:00:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x100000000000000) [ 617.724039] Unknown ioctl 1074275332 [ 617.870924] *** Guest State *** [ 617.875506] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 617.887815] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 617.906838] CR3 = 0x0000000000000000 [ 617.911893] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 617.918006] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 617.924487] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 617.931998] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 617.940374] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 617.949679] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 617.958091] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 617.966400] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 617.974785] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 617.983118] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 617.991451] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 617.999638] IDTR: limit=0x00000000, base=0x0000000000000000 [ 618.007961] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 618.016225] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 618.022989] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 618.030833] Interruptibility = 00000000 ActivityState = 00000000 [ 618.037170] *** Host State *** [ 618.041657] RIP = 0xffffffff8120427e RSP = 0xffff8801807bf390 [ 618.047792] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 618.054629] FSBase=00007f09035a1700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 618.062822] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 618.068843] CR0=0000000080050033 CR3=00000001cd1e9000 CR4=00000000001426f0 [ 618.076208] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 618.083338] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 618.089515] *** Control State *** [ 618.093342] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 618.100359] EntryControls=0000d1ff ExitControls=002fefff [ 618.106025] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 618.113313] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 618.120337] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 618.127034] reason=80000021 qualification=0000000000000000 [ 618.133811] IDTVectoring: info=00000000 errcode=00000000 [ 618.139394] TSC Offset = 0xfffffeb2d3c7ec39 [ 618.144050] EPT pointer = 0x00000001d811001e 06:00:22 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x1f00000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x20000000000000a, 0x300) r0 = syz_open_dev$audion(&(0x7f0000000340)='/dev/audio#\x00', 0xc350, 0x2) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000380)={0x8, 0x3ff, 0x0, 0x4, 0x6}) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000780)={'filter\x00', 0x7, 0x4, 0x4a8, 0x0, 0x140, 0x280, 0x3c0, 0x3c0, 0x3c0, 0x4, &(0x7f00000003c0), {[{{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @empty, @remote, @empty, 0xf, 0x1}}}, {{@arp={@remote, @multicast2, 0xffffff00, 0xffffff00, @mac=@random="e9d0887c1eea", {[0xff, 0xff, 0xff, 0x0, 0xff, 0xff]}, @empty, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}, 0x7f, 0xa6, 0xeb4, 0x100, 0x4588, 0x800, 'bridge0\x00', 'dummy0\x00', {0xff}, {0xff}, 0x0, 0x21250f29eb0a4f43}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @remote, 0x8, 0xffffffff}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@random="b2c9ffaf7ecf", @empty, @dev={0xac, 0x14, 0x14, 0x1f}, @rand_addr=0xe4}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4f8) r1 = socket$kcm(0x2, 0x400000805, 0x0) sendmsg$kcm(r1, &(0x7f0000000740)={&(0x7f0000000280)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000200)="ff", 0x1}], 0x1, &(0x7f0000000600)}, 0x0) r2 = accept4(r1, &(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000000c0)=0x80, 0x800) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r2, 0x84, 0x1b, &(0x7f0000000400)={0x0, 0x3b, "f082c73385b2a5b4949012a16c49c3d29012e88ddb177ead0703d7b476bd327a5b2a8119087bb22292adb937f07899b38af0b5204d48e07a322528"}, &(0x7f0000000480)=0x43) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000100)={r3, 0xfffffffffffffff9, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r4, 0x34, "70e2a734669b0350eb2ec8e08e6e042766e63894e24328ba9a5cca00fc09015f8ff38ebc72a26c46b0c2263b297bd945f235d2ec"}, &(0x7f0000000300)=0x3c) 06:00:22 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x7fffffffffffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:22 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x6c00) 06:00:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000500)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x10f, 0x2, &(0x7f00000004c0), 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000100)={0x0, 0x0, @pic={0x0, 0x4}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x484b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x2, 0xfffffffffffffffc], 0x0, 0x680}) r3 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x185, 0x40) ioctl$TIOCNXCL(r3, 0x540d) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000440)=ANY=[@ANYBLOB="020000009fe736f1efd064d4806cb2e8577571684af82300000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000240)=0x24) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000280)={r4, @in={{0x2, 0x4e20, @local}}}, &(0x7f0000000340)=0x84) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x0) 06:00:22 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "717565756531000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 619.870069] *** Guest State *** 06:00:22 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={"766574000000000000000000bd6800", 0x43732e5398416f1b}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) fcntl$addseals(r0, 0x409, 0x1) r1 = dup2(r0, r0) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f0000000000)={0x3, 0x7}) [ 619.890410] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 06:00:22 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x20000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 619.932475] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 619.993601] CR3 = 0x0000000000000000 [ 620.008985] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 620.026208] RFLAGS=0x00000006 DR7 = 0x0000000000000400 06:00:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/sequencer\x00', 0x200000000109000, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000780)={0x9, 0x10040000, [], {0x0, @bt={0x800000000, 0x0, 0x0, 0x2, 0x3, 0x487, 0x6a, 0x9, 0xfff, 0x1, 0x7ff000000000, 0x7, 0x4, 0xfff, 0xa, 0x9}}}) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff5c, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, {0x0, 0x5c, 0x0, 0x5, 0x400, 0x8}}, 0xa) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x404010}, 0xc, &(0x7f0000000500)={&(0x7f00000002c0)={0x40, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_AF={0x8}, @IPVS_SVC_ATTR_PORT={0x8}]}, @IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) r1 = socket(0xa, 0x80005, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'team0\x00', 0x892}) r2 = getpgid(0x0) write$P9_RGETLOCK(r0, &(0x7f0000000480)={0x24, 0x37, 0x2, {0x1, 0x200, 0xfffffffffffffffa, r2, 0x6, 'team0\x00'}}, 0x24) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000240)={0x0, 0x81}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000740), &(0x7f0000000640)=0x8) r3 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x80000) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={0x0, r3, 0x4, 0x2}, 0x14) socket$inet6(0xa, 0x5, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) ioctl$TIOCSLCKTRMIOS(r1, 0x5457, &(0x7f0000000100)) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000040)={"7465616d30000000000200000500", 0x79}) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x1}}, 0x44801) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000004}, 0xc, &(0x7f0000000840)={&(0x7f0000000700)=ANY=[@ANYPTR=&(0x7f0000000680)=ANY=[@ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB]]], 0x1}}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000380), 0xfdf5) write$binfmt_script(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB="2321222e2f66696c65300a4077511f5c104d045964634434d99dda0e2574b0fa0f30f825795782fa9e75ab23c9947034151ad3e23cf0e219330fdee23eab3cb6d4127a8026fd5732c378a1cdd5bccea9ddc53772687fb7c6dc686f28ee02e8d27cc1ddc05006b69e97aa3efbb34bdd2dd98bbe63ce78243aa8ecbc8fc2085d9cbca9e2c8432d87934ba874b77da476bce064e569ff1ca9f7c0c555b8ad15ca6c78a8e19ed04f662a98413e57f1153ae700f38b9bcd05847294f94dd53d4a199925780c84c1e011e8e9a715421152c656704b4a4a00a0d62b75201a46a784432750cea372c00c1c5a2892c12fad"], 0xb) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000180)={'\x00', {0x2, 0x0, @remote}}) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)=""/39, &(0x7f00000003c0)=0x27) [ 620.053993] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 620.083250] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:23 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x40000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 620.128368] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 620.144257] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 620.160005] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 620.186601] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 620.219996] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 620.248240] GDTR: limit=0x000007ff, base=0x0000000000001000 06:00:23 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x1000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 620.306592] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 620.363620] IDTR: limit=0x00000000, base=0x0000000000000000 [ 620.380186] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 620.400311] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 620.417454] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 620.430046] Interruptibility = 00000000 ActivityState = 00000000 06:00:23 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xffffffffffffff7f}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 620.458305] *** Host State *** [ 620.472892] RIP = 0xffffffff8120427e RSP = 0xffff8801b5397390 [ 620.494742] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 620.510070] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 620.518008] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 620.580590] CR0=0000000080050033 CR3=00000001cec33000 CR4=00000000001426e0 [ 620.587657] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 620.587670] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 620.587675] *** Control State *** [ 620.587690] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 06:00:23 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x3f00000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:23 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000200)={0x2, &(0x7f0000000140)=[{}, {}]}) preadv(r2, &(0x7f0000000180), 0x94, 0x6cefff7f00000000) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f00000001c0)={0x10, 0xfffffffffffffdda, 0xfa00, {&(0x7f0000000240)}}, 0x38) write$vnet(r2, &(0x7f0000000380)={0x1, {&(0x7f0000000280)=""/88, 0x58, &(0x7f0000000300)=""/84, 0x3, 0x7}}, 0x68) 06:00:23 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100000000000000000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 620.721710] EntryControls=0000d1ff ExitControls=002fefff [ 620.727206] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 620.758259] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 620.779965] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 620.786655] reason=80000021 qualification=0000000000000000 [ 620.799912] IDTVectoring: info=00000000 errcode=00000000 [ 620.805447] TSC Offset = 0xfffffeb1c5e26b7d [ 620.810804] EPT pointer = 0x00000001d7f5301e 06:00:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x600) 06:00:23 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind(r0, &(0x7f0000000040)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x3, &(0x7f0000c91000)=@framed={{0xffffff95, 0x0, 0x0, 0x0, 0x0, 0x57}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0x99, &(0x7f0000000180)=""/153}, 0x48) 06:00:23 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x100000000000088) bind$inet6(r0, &(0x7f0000d85fe4)={0xa, 0x4e23}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@local, @in6=@loopback}}, {{@in=@multicast1}}}, &(0x7f0000000140)=0xe8) recvfrom$inet6(r0, &(0x7f0000000080)=""/137, 0x89, 0x0, 0x0, 0xfffffd00) r1 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00005b1ffc)=0x1, 0x4) sendto$inet6(r1, &(0x7f00000001c0), 0x0, 0x8800, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) sendto$inet6(r1, &(0x7f0000000180)='V', 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) 06:00:23 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0xfeffffff00000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:24 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x200000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:24 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001c80)={&(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000680)=[{&(0x7f00000003c0)=""/231, 0xe7}], 0x1, &(0x7f0000000340)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000780)=""/4096, 0x1000}, &(0x7f0000001b80)=[{&(0x7f0000001940)=""/105, 0x69}], 0x1, 0x3d}}], 0x48}, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) 06:00:24 executing program 2: perf_event_open(&(0x7f0000000040)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffffd, 0x400000) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000140)={0x11, 0x38, &(0x7f0000000100)="adb227646b63448033829cb546be44a0ec15c79a676b78bbffbbe845bf14c37e81dd4b3d00abdf0376bf68bfe654e8aeec53407b3d54d9d4"}) mremap(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil) [ 621.226727] rdma_op 00000000eebd5b30 conn xmit_rdma (null) [ 621.241466] *** Guest State *** [ 621.247270] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 06:00:24 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x3f00}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:24 executing program 2: r0 = memfd_create(&(0x7f0000000040)='bdev$-\x00', 0x4) lseek(r0, 0xfffffffffffffffc, 0x3) fsetxattr$security_smack_entry(r0, &(0x7f0000000000)='security.SMACK64MMAP\x00', &(0x7f0000000080)='bdev$-\x00', 0x7, 0x1) [ 621.297784] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 621.307673] rdma_op 00000000de86244b conn xmit_rdma (null) [ 621.318355] CR3 = 0x0000000000000000 [ 621.327181] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 621.336130] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 621.355547] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 621.380929] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.419102] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.443070] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 621.479749] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.492381] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.501062] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.509044] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 621.517976] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 621.526020] IDTR: limit=0x00000000, base=0x0000000000000000 [ 621.534033] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 621.542052] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 621.548470] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 621.555973] Interruptibility = 00000000 ActivityState = 00000000 [ 621.562236] *** Host State *** [ 621.565415] RIP = 0xffffffff8120427e RSP = 0xffff88018700f390 [ 621.571435] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 621.577856] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 621.585683] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 621.592188] CR0=0000000080050033 CR3=00000001d9092000 CR4=00000000001426f0 [ 621.599214] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 621.606209] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 621.612456] *** Control State *** [ 621.616032] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 621.622757] EntryControls=0000d1ff ExitControls=002fefff [ 621.628223] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 621.635195] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 621.642816] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 621.649423] reason=80000021 qualification=0000000000000000 [ 621.655800] IDTVectoring: info=00000000 errcode=00000000 [ 621.661309] TSC Offset = 0xfffffeb10ca52e42 [ 621.665614] EPT pointer = 0x00000001d5f3901e 06:00:26 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$inet(r0, &(0x7f0000001600)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000900000000000000000800819500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r3 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f000031aff8)={r0, r2}) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000001640)={0xffffffffffffffff}) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x200, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000400)={&(0x7f0000000280), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14}, 0x14}}, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000000)=0x6, 0x4) 06:00:26 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0xaf01, &(0x7f0000000280)) r1 = eventfd(0x80000002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x40000, 0x0) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x6) write$eventfd(r1, &(0x7f00000000c0)=0xffffffffffffff90, 0x8) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000857ff8)={0x0, r1}) read$eventfd(r1, &(0x7f0000000040), 0x8) 06:00:26 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x4000000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xffffffff00000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:26 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00?\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x7a) 06:00:26 executing program 2: [ 623.823383] *** Guest State *** [ 623.827463] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 623.842345] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 623.869152] CR3 = 0x0000000000000000 06:00:26 executing program 2: [ 623.873245] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 623.879381] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 623.894555] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:00:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x40000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 623.918768] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:26 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000d12000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x80000000003, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) r4 = dup2(r3, r1) ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, &(0x7f0000000080)={0x0, 0x600}) connect$unix(r2, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x20) 06:00:26 executing program 1: clone(0x2102801ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) bpf$MAP_CREATE(0x9903000000000000, &(0x7f0000000040)={0x40000000000004, 0x4, 0x4, 0x8000000000008, 0x0, 0xffffffffffffffff, 0x0, [0x305f, 0xa]}, 0x2c) semctl$GETPID(0x0, 0x2, 0xb, &(0x7f0000000100)=""/101) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x20702) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x4, 0x4) [ 623.946457] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 623.955580] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 623.965627] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 624.012047] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 624.020852] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 624.029159] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 624.050649] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 06:00:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0xa, 0x1, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0xffffffffffff8001) r3 = open(&(0x7f0000000000)='./file0\x00', 0x6c0200, 0x20) ioctl$TUNSETNOCSUM(r3, 0x400454c8, 0x1) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x82002, 0x0) write$binfmt_elf64(r4, &(0x7f0000000bc0)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000380000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000144a171534b952e5c9f772d76ca96648a1b36b3e51666407691f43833da5191bf0a3c75ec4ce23bbb505dcf1d2043370bad28866a731e7367ec9ece9dda81f2e2ce4348a6f171b209594006a3958dba551caa790cb4a2a0f2e787679e53bcfc1aff34a2987a50d4a954610c2914504de39cdf08fe91889556466d841354360813d7be74234ddbd4f3a0811e09c4f9f26dc1caa7f7a70a1cad833b64c43d33418b3e04743c9e97ffc0066c935364f3f993d9d11ba9d19f4b10ed1f7e0e9bfec4118aa0d654b5095481b82e7e50d8e07b62af31817ba62fe6ce5a6b6a0855293d48844938a7a3901107cb2ef8c6b0519f60ab4273f8d7b1b2d3bcca25d76f91d3bc4766cd156e1a37741747cb7a63f8c210b8ca5d03abde5fe7a50d97b7820238951e92fec28046cade12b5d85fd033214579d8fc0e6176e93f18e6dfe4883fb34562c59f3e34463c2dfdf62bbf3de965634db4ad7b0724a42411ee9ec133ba382b15c9db64e319b3da5253951f7a42551fbb48d82e13b999ce05b35616fb41334ffe888d2aaf3cf08964bf7e29665c357413dc4a4374c3a6a93e49a23a25beafe8d4be1388f633a196176bb1d25ee68e4eafcf75cdc5eb54bee7d32979f7dcee55aa7e3a35431e04239d6b062d89b09241448f25e0708bfdded06b255feae47de301e79cdabd07645cabdd774d236d3fff2519ac0e1af3ba676c4118f7de9c9054dd4c8fa26a07a6235f59daa7c0d45bd981081df8f08354d617f22beeed47f0f3dec9ce7893e6d2906c130a090c34739b15ee1185dae9cfb362ee721c16de26effa10e0ec9a518d6b46ad112f5243a05b673b414cc62b2720d95ff6099b306aba14cf07f9102581439b3f556957a8344351d9bef1cb238045de9a977f711c016f4c213525005f64ea2bd4c0865a324cd07874f3003922a4dd18334d58bb594f03c76c833bc526dcffe934fd47b7d003cc934dbad83ba736891d7efa158f5b018d734267e01e9a94a91ff40c4dda35b07b34b36cdbcde8645a91117e6a5391d47a0fb8a263cc557f9e5fee74ea49dd523fbda9ef33e4d9a4f78810a1a47064e87df3a9563a961ac3c0c3ff947dfbc8307a35f8f66131a5288342cd6876a694f5e67a676cc2f255050cf4964304cf58ba9025604574988aa52cfbc61b5f22397d07e45e95b515fbf19ad26ba5227db63ec2326e09c89e5d354a257c8480b135ffe7c22450af56fdaf3e78a4da6a026d41137461c2a3c7601d264132f6d77b803d52e6509c3f388601a30bb6ea67b292518b48382fa69bf98e7dc0fbb958c61d77af9607b327467540a2d343e27b4220bc9cb864e79a60695afede87f620f1fffb29867ea2adf1ef8188ecb29e6467e47abcd65b607b99b8589a6c760af78f0d85af03b1de0c08ce61d90a0f4ae4c69915f8464a0c173762febde802289a98f9b626edd132d577867fcc5349e2f09b0eb3883d69671c25eac9bb93fd798c45fe58fae23738d63a659057dd5ee023e57819e62de93d4bbc87b23b027c0cd7510a63133ecc6238a211805ca0b8d0535ddbfb6383cf1e1b1c1ec21073c0348084a3f02"], 0x4d8) fcntl$setflags(r0, 0x2, 0x1) dup2(r2, r4) 06:00:26 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x800000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 624.064061] IDTR: limit=0x00000000, base=0x0000000000000000 [ 624.105542] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 624.121384] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 624.128312] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 624.137492] Interruptibility = 00000000 ActivityState = 00000000 [ 624.150211] *** Host State *** 06:00:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000000100)={0x1, 0x5, {0x3, 0x200, 0x0, 0x7, 0x3, 0x8, 0x0, 0x5}}) r2 = request_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='bdev\x00', 0x0) getdents64(r1, &(0x7f0000000280)=""/4096, 0x1000) r3 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)="477e29ffcc886b1b541386e2151813e6ffa9066991694b69a8cfde71e482ecabdae70beb415f440ad3328a4345a93dcdd1bf4af3125d8265df231333580bf5cfa04f010dba6ee3ea40db4348e5a3b72278507a33a9a243d8", 0x98, r2) keyctl$invalidate(0x15, r3) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f00000001031900000007000000068100ed853b09000100010100ff3ffe58", 0x1f}], 0x1) 06:00:27 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0xfffffffffffffffa, 0x0) r2 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r1, 0x0) ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f00000000c0)={0x4, 0x2, @name="818cfe25732e5706d2681494006f95f38d48f5c0d7cd25d014524c573d08e512"}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000080)={r2}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x11, &(0x7f0000000000)={@mcast2}, 0x20) [ 624.153497] RIP = 0xffffffff8120427e RSP = 0xffff88017feaf390 [ 624.166852] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 624.173968] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 624.182434] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 624.194189] CR0=0000000080050033 CR3=00000001d1284000 CR4=00000000001426f0 [ 624.202380] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 624.215725] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 624.231990] *** Control State *** [ 624.235677] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 624.235697] EntryControls=0000d1ff ExitControls=002fefff [ 624.235711] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 624.235720] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 624.235728] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 624.235736] reason=80000021 qualification=0000000000000000 [ 624.235744] IDTVectoring: info=00000000 errcode=00000000 [ 624.235750] TSC Offset = 0xfffffeafa22dcd53 [ 624.235759] EPT pointer = 0x00000001d741c01e 06:00:27 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0xe00, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x6000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x74) 06:00:27 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x201, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="dbef4f3da1d015aecc0d5e7eb0ac000200001500", @ANYRES32=r2, @ANYBLOB="08000100e000000208000100ffffffff1400060007000000aa000000050000006100000008000800000200001400060009000000010000000600000004000000140003007465616d5f736c6176655f310000000008000800a0040000"], 0x74}, 0x1, 0x0, 0x0, 0x800}, 0x80) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x40082406, 0xffffffffffffffff) 06:00:27 executing program 1: capset(&(0x7f00000000c0)={0x20071026}, &(0x7f0000000240)) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') setns(r0, 0x0) 06:00:27 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "7175657565310000000000fffffdfd00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:27 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000013c0)='ramfs\x00', 0x0, &(0x7f000000a000)) chroot(&(0x7f0000000280)='./file0\x00') mount(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x201000, &(0x7f00000002c0)) mount(&(0x7f0000000080)=ANY=[], &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, &(0x7f0000000240)='9p\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pivot_root(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00') 06:00:27 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x8f88ce290bd2c93b, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000640)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000140)=0x3) socket$vsock_dgram(0x28, 0x2, 0x0) r3 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x8, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000480)={0x0, 0x4}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000500)={r4, 0x6, 0x0, 0x101, 0xfffffffffffffffd, 0xffffffffc79a843c}, 0x14) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) write$FUSE_CREATE_OPEN(r3, &(0x7f00000002c0)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x4, 0x3, 0x0, 0x0, {0x3, 0x8fa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x767dbe0c, 0x0, 0x0, 0x0, r5}}, {0x0, 0x6}}}, 0xa0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="47e870fa0160"], &(0x7f0000000100)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f00000001c0)={0x0, 0x0, 0x1}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)) syz_open_pts(0xffffffffffffffff, 0x0) 06:00:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x2}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:27 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x3f00000000000000) 06:00:27 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x12, &(0x7f0000000100)=0xfffffffffffffffd, 0x4) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x6, 0x8042) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@multicast2, @rand_addr=0x81, 0x1, 0x5, [@multicast1, @rand_addr=0x80000001, @local, @multicast1, @multicast1]}, 0x24) 06:00:27 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x10000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 625.030247] *** Guest State *** [ 625.033920] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 625.052517] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 625.061519] CR3 = 0x0000000000000000 [ 625.065338] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 625.071668] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 625.077774] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 625.085277] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.093425] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.101570] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 625.109554] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.118201] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.126584] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.134643] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 625.142770] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 625.150799] IDTR: limit=0x00000000, base=0x0000000000000000 [ 625.158859] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.158872] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 625.158885] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 625.158896] Interruptibility = 00000000 ActivityState = 00000000 [ 625.158901] *** Host State *** [ 625.158914] RIP = 0xffffffff8120427e RSP = 0xffff88018700f390 [ 625.158938] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 625.158951] FSBase=00007f09035c2700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 625.158966] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 625.173480] CR0=0000000080050033 CR3=00000001bffa6000 CR4=00000000001426e0 [ 625.173497] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 625.231257] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 625.237392] *** Control State *** [ 625.240958] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 625.247632] EntryControls=0000d1ff ExitControls=002fefff [ 625.253403] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 625.260723] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 625.270946] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 625.277610] reason=80000021 qualification=0000000000000000 [ 625.284299] IDTVectoring: info=00000000 errcode=00000000 [ 625.289820] TSC Offset = 0xfffffeaeff0a6061 [ 625.294470] EPT pointer = 0x00000001c57de01e 06:00:28 executing program 1: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x2}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:28 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x3f00, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:28 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x20000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x4c000000) 06:00:28 executing program 2: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nullb0\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) write$binfmt_aout(r0, &(0x7f0000000200)={{0x107, 0x16c78000000000, 0x3, 0x9b, 0x118, 0x3, 0x24, 0x5}, "2b648851831a47771e620eddc4de2723d5edd14d506d23383772a5ded02d59af367cd8f2b0dc7c3a9e5a0ac0c24d8aa91914da6dc9cb5c6cea02f7a6dca939ff03be1e6ace0741440f296d0027051a511b199f65953a72dcbfd8b421ba486b07a4ee4423a74ed5b783a793e460a66c52494b6eb55bdb35c8c5769bf96874271d27fbc389b40df72099feac242e4a", [[], [], [], [], [], [], [], []]}, 0x8ae) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) madvise(&(0x7f0000676000/0x1000)=nil, 0x1000, 0xe) 06:00:28 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00@\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:28 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000548000)=0x4001, 0x4) unshare(0x8000400) close(r0) sendto$inet6(r0, &(0x7f0000000140), 0xfffffc58, 0x0, &(0x7f0000b85fe4)={0xa, 0x4e20, 0x0, @dev}, 0x1c) recvmsg(r0, &(0x7f0000000400)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000000040), 0x0, &(0x7f00000003c0)=""/36, 0x24}, 0x2000) 06:00:28 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0xb5d388d19505ef12, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x1ff, 0x12) r2 = socket$unix(0x1, 0x2008, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000180)={{0x5, 0x7}, 0x1, 0x0, 0x6, {0x7, 0x9}, 0x100000001, 0x2}) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x2) keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000280)='blacklist\x00', &(0x7f00000000c0)='wlan0\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000240)=0x9) fallocate(r2, 0x10, 0xa837, 0x8245) write$P9_RFSYNC(r1, &(0x7f0000000080)={0x7, 0x33, 0xff}, 0x7) msgget(0x1, 0x8) [ 625.810153] *** Guest State *** [ 625.813617] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 06:00:28 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x8008}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 625.852894] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 625.887382] CR3 = 0x0000000000000000 [ 625.903736] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 625.913902] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 625.920868] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 625.927786] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.936337] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:28 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x20000) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0xfdfdffff, 0x1, 0x1}) openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x40, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x10001, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r2, 0x5386, &(0x7f0000000040)) socketpair(0x3, 0x4000000000d, 0x80000000000086, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0x9e}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000140)={r5, 0x257}, 0x8) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000180)={0x10001, 0xff757f57, 0x0, @stepwise={0x3, 0x1, 0x0, 0x2, 0x2, 0x9}}) ioctl$KDGKBSENT(r4, 0x4b48, &(0x7f00000002c0)={0x6, 0x0, 0x9}) 06:00:28 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r0, 0xc008561c, &(0x7f0000000180)={0xf0f000, 0xfffffdfb}) [ 625.946664] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 625.956376] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.969601] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 625.979770] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:28 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x2000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 625.997853] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 626.020704] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 06:00:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000000)={0x5}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r2 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x9, 0x80) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffff9c, 0xc0086420, &(0x7f00000000c0)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000100)={r3, 0x2}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) close(r2) ioctl$KVM_SET_CPUID(r4, 0x4008ae8a, &(0x7f0000000140)=ANY=[@ANYBLOB="02000000000000000d000000cde900000000000000000000000000000000e7ff000000000000000000000000000000000000000000040000"]) [ 626.045176] IDTR: limit=0x00000000, base=0x0000000000000000 [ 626.083684] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 626.113863] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 626.124397] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 626.138475] Interruptibility = 00000000 ActivityState = 00000000 [ 626.148338] *** Host State *** [ 626.155129] RIP = 0xffffffff8120427e RSP = 0xffff8801807bf390 [ 626.162925] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 626.172283] FSBase=00007f09035a1700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 626.181008] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 626.187033] CR0=0000000080050033 CR3=00000001cb12c000 CR4=00000000001426e0 [ 626.194260] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 626.201237] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 626.207423] *** Control State *** [ 626.211028] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 626.211040] EntryControls=0000d1ff ExitControls=002fefff [ 626.223345] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 626.231638] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 626.238446] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 626.246313] reason=80000021 qualification=0000000000000000 [ 626.252885] IDTVectoring: info=00000000 errcode=00000000 [ 626.258466] TSC Offset = 0xfffffeae97ed0719 [ 626.263820] EPT pointer = 0x00000001ccbb601e 06:00:31 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x100000000000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:31 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff}) close(r1) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000000)={0x73253b26, {{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x14}}}}, 0x88) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc}, 0x10) bind$unix(r1, &(0x7f0000d77000)=@abs, 0x0) 06:00:31 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) fdatasync(0xffffffffffffff9c) socket$inet6(0xa, 0x1000000000002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="9287b748246deeca588edacd5c1cc596a848a41b96d72d9ff1ffcd245d4623bea592fa911a59141ad79770daa350bbd501b4cb95cf19700700000000000000625d08ef137426f4997e282f68591512c4636d34e1d3cc668e8b4f8843a84855908985cc2773f295290a92d6f061f3d87a22968a81d80da9a6c39f5c7aa09f49456049763d7bb11d1171be83d26f047ce47c565dbf107ab9605a473e04c7e779a0c244ca4388df158abbd2eb44b5519597b5dcd531eaf5b40fa5efa57134ba3a90cf3bcabc96ca007cd5feb4cd554479fe35b888d8bb8ff332dbe807f0278d6399ce4ae86d94dd3899e0a88497279de14712c957b07708c2b8031630481ad1a0880ed2001ded067a6abdc60892ed7457b5fd6d387538e77ea5ff56b6ba67075a449ff84f786e598a221dd8c71045d8afc7642cddb781e732a2e64ede6a077b41ebe33a8903474da4c44514e27ac011237bbed9c4c34dc93889dd21362df3c761db3bae1c5f0f75aac48fc04b897639deefc777f81211acf569827a8e7d88b1b5e4687393700f39a24046557e1e8ce64b02424a3f0d7ce3a64e74cd36ab4b9747b0692889ef04e9a511014b61402662fd9ad8c229a561dbcf78c8333b0cf2520f07415fae39b952527620436d9f56f760af5c65053f6414dc5f66ab609f65efcba0feaa811c194dd9b3853975a912c608f574c9267eb2ee920782a8d1de92af5d8a7efd903fb749e3cdb951463ff978d63a7aeff0fbd6eaaaa8190b03e63b9e3f2e798e5f0608d74cf4601abe84f0966db85d7a6e200ec139cf6b13a124ff53f720bc93"], 0x1}, 0x1, 0x0, 0x0, 0x90}, 0xfffffffffffffffd) r1 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") fcntl$setstatus(r1, 0x4, 0x4800) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) mq_open(&(0x7f0000000000)='..\x00', 0x0, 0x0, &(0x7f0000000040)) r3 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r2, 0x6) setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000440)={'bcsh0\x00', &(0x7f00000002c0)=@ethtool_perm_addr={0x20, 0x69, "3ac6a7be1146f1b82a29b37471c2335f9efe2f6853a7431dadbb66a0a63e7eb8801772f37289412b769e87e04cdea2e149004df07a48aed39bdf1f681271e92dbceff91524497acfe6d5cd22d44e62d88c82211ef49cfd0e7743bc7a055821ff1cfce9728d3390897c"}}) r4 = accept(r2, 0x0, &(0x7f0000000080)=0xfe0f) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f00000000c0)={0x6122, 0x40}) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) read(r3, &(0x7f0000000480)=""/144, 0x90) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000340)='tls\x00', 0x4) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x2710}, 0x10) syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x101, 0x40000) inotify_add_watch(r3, &(0x7f0000000180)='./file0\x00', 0x9) write(0xffffffffffffffff, &(0x7f0000000940)="1ca1c5666d0c76fc874b18de4120ea764af13a21586ba6fcd0d5910ca5be659473abe991234157cb223b39f406f4b4157483174bece9764d831fa5f95422777659b42988ecf1fb78f8d0c22352f72b3f6adcb65784ef89f72cc48e612b3457df7651d5d94e2678b2336d049f9751279da5e541fff8ecceba10471eed5fe5f9e2f06b7da795f7ba65fce561b2cd3801fe752e22133dec30580cbb", 0x9a) sendmmsg(r3, &(0x7f0000005700)=[{{&(0x7f0000003900)=@pptp={0x18, 0x2, {0x0, @rand_addr}}, 0x80, &(0x7f0000003b80), 0x3a5, &(0x7f0000003bc0)}}], 0x3a6, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='erspan0\x00', 0xfc) sendmmsg(r3, &(0x7f000000a080)=[{{&(0x7f0000005440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2, {0xa, 0x0, 0x0, @ipv4={[], [], @local}}}}, 0x80, &(0x7f0000005640)=[{&(0x7f00000097c0)="bf", 0x1}], 0x1, &(0x7f00000098c0), 0x0, 0x1}}], 0x1, 0x0) 06:00:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x20000000) 06:00:31 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100000000000000000100"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:31 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x80000000000045, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") ioctl$TIOCCONS(r0, 0x541d) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x102, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1ffffffffffffe, 0x0, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r4, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5}, 0xc) ptrace$setopts(0x4206, r3, 0x5, 0x100012) setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000700), 0xffffffffffffff1d) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000005c0)={{{@in=@rand_addr, @in=@rand_addr}}, {{@in6}, 0x0, @in6=@mcast2}}, &(0x7f0000000480)=0xe8) getrandom(&(0x7f00000001c0)=""/129, 0x81, 0x2) ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f0000000100)) fcntl$setlease(r0, 0x400, 0x2) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0x166) tee(r1, r0, 0x5, 0xd) sendfile(r0, r1, &(0x7f0000000180), 0x8402) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000080)={0x2000}) fcntl$setsig(r2, 0xa, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f00000003c0)={0x3, 0x1, [{0x200, 0x0, 0x1f}, {0x3, 0x0, 0x1ffc000000}, {0x9, 0x0, 0x3}]}) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000740)=0x4) sendmsg$netlink(r0, &(0x7f0000000580)={&(0x7f0000000280)=@kern={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)=[{&(0x7f00000007c0)=ANY=[@ANYBLOB="10000000150021042abd7000ffdbdf25a93910346fcf70bede43392efafdb4795e56cfb006ea4fb7a061a6b034120fab8d01536b01c00676b95ef179e05c3be834d68bca632eeb8df34c7a38ae17c2260ee067b78084fb70bbccddfd361fa4346af50afac0d1f44c0a0437b5287be3c16155fa3f75af3a61ec9c092b861a97f4f86a53ff3bb8592cf06124b78c8f455c165b19cec1d67294d3151ceb1b8e2067e775cd33db6b92b50d852398585a4011ffd2fb8f32625e72ec69ab192de0a9732c1c0ef3669747fc4da22f1fecafa57cb8d3ffcdb08c2f2aa7df0c74"], 0x1}], 0x1, 0x0, 0x0, 0x800}, 0x1) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000400)={0x0, 0x80000, r0}) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000440)) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000004c0)=@sack_info={0x0, 0x95}, &(0x7f0000000500)=0xc) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000000030000000000000000000000000000000000000000000000"]) openat$full(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/full\x00', 0x8000, 0x0) 06:00:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xfffffffe}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 628.869950] *** Guest State *** [ 628.880966] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 628.894075] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 628.910970] CR3 = 0x0000000000000000 [ 628.916184] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 628.924092] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 628.930551] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 628.947466] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 628.958262] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:31 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x8}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 628.966741] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 628.975404] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 629.000779] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 629.008940] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 629.018570] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 629.028793] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 629.048337] IDTR: limit=0x00000000, base=0x0000000000000000 [ 629.057401] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:31 executing program 2: semget(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000080)=""/205) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) open(&(0x7f0000000500)='./file0\x00', 0x410240, 0x40000000166) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x0, 0x6000000, 'wrr\x00', 0x20, 0xfffffffffffff0b5, 0x67}, 0x2c) r5 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0xfffffffffffffffb, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f00000001c0)=0x20000010001, 0x8) r6 = fcntl$dupfd(r1, 0x406, r3) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000300)=0x8, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18) sendfile(r5, r3, &(0x7f00000000c0), 0x6) signalfd(r2, &(0x7f0000000640)={0x7}, 0x8) ioctl(r4, 0x800000000008982, &(0x7f0000000080)) signalfd4(r5, &(0x7f00000003c0)={0x4}, 0x8, 0x80800) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) connect$vsock_stream(r6, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r8 = socket(0x10, 0x1, 0x0) ioctl(r8, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") openat$urandom(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x8180, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x8e, 0x0, 0x5, 0x0, 0x1000}, @cstype3={0x5, 0x6}], 0xffffffffffffe0a) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="010000096114c3e20850e09d03002f38855ca1f4f10a9ca444fe901ccc63846bff045e0e7775133d64e344439c508e11184b36f663594afdd66000000000dee651379318d40692f5ecb5d87f96af8ecb07c6efcd19919550a5fc00000600000000000000755e190835109f00000000001f000900bae6f44901cbcdc0bfc948ff410f94cd4402a79f4c"]) [ 629.065682] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 629.088044] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 629.108946] Interruptibility = 00000000 ActivityState = 00000000 [ 629.118441] *** Host State *** [ 629.121889] RIP = 0xffffffff8120427e RSP = 0xffff880186c37390 [ 629.128083] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 629.134784] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 629.142988] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 629.149098] CR0=0000000080050033 CR3=00000001c6168000 CR4=00000000001426e0 [ 629.156458] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 629.163628] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 06:00:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xffffffffffff0700}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 629.180410] *** Control State *** [ 629.186581] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 629.201858] EntryControls=0000d1ff ExitControls=002fefff [ 629.224112] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 629.255157] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 629.291496] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 629.298087] reason=80000021 qualification=0000000000000000 06:00:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xe0ff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 629.317128] IDTVectoring: info=00000000 errcode=00000000 [ 629.330200] TSC Offset = 0xfffffeacf28b8a5e [ 629.334866] EPT pointer = 0x000000018474c01e 06:00:32 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0xfdfdffff, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:32 executing program 2: semget(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000080)=""/205) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) open(&(0x7f0000000500)='./file0\x00', 0x410240, 0x40000000166) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x0, 0x6000000, 'wrr\x00', 0x20, 0xfffffffffffff0b5, 0x67}, 0x2c) r5 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0xfffffffffffffffb, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f00000001c0)=0x20000010001, 0x8) r6 = fcntl$dupfd(r1, 0x406, r3) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000300)=0x8, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18) sendfile(r5, r3, &(0x7f00000000c0), 0x6) signalfd(r2, &(0x7f0000000640)={0x7}, 0x8) ioctl(r4, 0x800000000008982, &(0x7f0000000080)) signalfd4(r5, &(0x7f00000003c0)={0x4}, 0x8, 0x80800) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) connect$vsock_stream(r6, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r8 = socket(0x10, 0x1, 0x0) ioctl(r8, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") openat$urandom(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x8180, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x8e, 0x0, 0x5, 0x0, 0x1000}, @cstype3={0x5, 0x6}], 0xffffffffffffe0a) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="010000096114c3e20850e09d03002f38855ca1f4f10a9ca444fe901ccc63846bff045e0e7775133d64e344439c508e11184b36f663594afdd66000000000dee651379318d40692f5ecb5d87f96af8ecb07c6efcd19919550a5fc00000600000000000000755e190835109f00000000001f000900bae6f44901cbcdc0bfc948ff410f94cd4402a79f4c"]) 06:00:32 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x60000000) 06:00:32 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0xffffffffffffff2e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x80001, 0x0) membarrier(0x1, 0x0) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x2}, 0x2) io_setup(0x20, &(0x7f0000000480)=0x0) io_getevents(r3, 0x0, 0x0, &(0x7f0000000000), &(0x7f00000001c0)) r4 = socket$alg(0x26, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x0, 0x0) syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40, 0x400000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x0, 0x3ef, 0x1000000000000, 0x3f00000000000000, 0x0, 0xfffffffe, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r5, 0x89a0, &(0x7f0000000340)={@loopback, @empty, @ipv4={[], [], @loopback}, 0x1, 0x0, 0x3, 0x400, 0x0, 0x40000001, r6}) ioctl$DRM_IOCTL_GET_MAP(0xffffffffffffffff, 0xc0286404, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, &(0x7f0000ffa000/0x3000)=nil}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000200)={0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}) bind$alg(r4, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) close(r2) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r5, 0x29, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="6d616e676c65000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000040000000000000"], 0x48) io_submit(r3, 0x1400, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r2, &(0x7f0000000140), 0x700000000000}]) 06:00:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x600}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:32 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100000e00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 629.885515] *** Guest State *** [ 629.900216] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 06:00:32 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x40000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 629.942011] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 629.959633] CR3 = 0x0000000000000000 [ 629.971669] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 629.982780] RFLAGS=0x00000006 DR7 = 0x0000000000000400 06:00:32 executing program 2: semget(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000080)=""/205) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) open(&(0x7f0000000500)='./file0\x00', 0x410240, 0x40000000166) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x0, 0x6000000, 'wrr\x00', 0x20, 0xfffffffffffff0b5, 0x67}, 0x2c) r5 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0xfffffffffffffffb, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f00000001c0)=0x20000010001, 0x8) r6 = fcntl$dupfd(r1, 0x406, r3) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000300)=0x8, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18) sendfile(r5, r3, &(0x7f00000000c0), 0x6) signalfd(r2, &(0x7f0000000640)={0x7}, 0x8) ioctl(r4, 0x800000000008982, &(0x7f0000000080)) signalfd4(r5, &(0x7f00000003c0)={0x4}, 0x8, 0x80800) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) connect$vsock_stream(r6, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r8 = socket(0x10, 0x1, 0x0) ioctl(r8, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") openat$urandom(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x8180, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x8e, 0x0, 0x5, 0x0, 0x1000}, @cstype3={0x5, 0x6}], 0xffffffffffffe0a) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="010000096114c3e20850e09d03002f38855ca1f4f10a9ca444fe901ccc63846bff045e0e7775133d64e344439c508e11184b36f663594afdd66000000000dee651379318d40692f5ecb5d87f96af8ecb07c6efcd19919550a5fc00000600000000000000755e190835109f00000000001f000900bae6f44901cbcdc0bfc948ff410f94cd4402a79f4c"]) [ 629.999998] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 630.006699] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.017374] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.027150] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 630.043000] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.051455] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, [0x3]}) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f00000000c0)=""/122) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f00000002c0)={0xfffffffffffffffc}) [ 630.091678] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.125771] GDTR: limit=0x000007ff, base=0x0000000000001000 06:00:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x1000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 630.147905] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 630.162407] IDTR: limit=0x00000000, base=0x0000000000000000 [ 630.173036] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.181251] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 630.189434] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 630.197227] Interruptibility = 00000000 ActivityState = 00000000 [ 630.205119] *** Host State *** [ 630.208500] RIP = 0xffffffff8120427e RSP = 0xffff880181ccf390 [ 630.214803] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 630.240442] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000033000 [ 630.284413] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 630.307478] CR0=0000000080050033 CR3=00000001bfca8000 CR4=00000000001426e0 [ 630.316390] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 630.323690] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 630.329984] *** Control State *** 06:00:33 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000080), &(0x7f0000000100)=0x68) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000e4ffc8)={&(0x7f0000beb000)=@abs, 0x6e, &(0x7f000000d000), 0x0, &(0x7f000053c000)=[@rights={0x18, 0x1, 0x1, [r2]}], 0x18}, 0x0) close(r2) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x0) close(r0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r2, 0x6612) 06:00:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xe0ffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 630.333585] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 630.340529] EntryControls=0000d1ff ExitControls=002fefff [ 630.348888] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 630.361249] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 630.368012] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 630.381218] reason=80000021 qualification=0000000000000000 [ 630.395382] IDTVectoring: info=00000000 errcode=00000000 [ 630.401647] TSC Offset = 0xfffffeac6a12df73 [ 630.420046] EPT pointer = 0x0000000189efc01e 06:00:33 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x1000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:33 executing program 2: semget(0xffffffffffffffff, 0x0, 0x0) semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000080)=""/205) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600), 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) open(&(0x7f0000000500)='./file0\x00', 0x410240, 0x40000000166) r3 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @local, 0x0, 0x6000000, 'wrr\x00', 0x20, 0xfffffffffffff0b5, 0x67}, 0x2c) r5 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0xfffffffffffffffb, 0x2) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r5, 0x28, 0x2, &(0x7f00000001c0)=0x20000010001, 0x8) r6 = fcntl$dupfd(r1, 0x406, r3) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000300)=0x8, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18) sendfile(r5, r3, &(0x7f00000000c0), 0x6) signalfd(r2, &(0x7f0000000640)={0x7}, 0x8) ioctl(r4, 0x800000000008982, &(0x7f0000000080)) signalfd4(r5, &(0x7f00000003c0)={0x4}, 0x8, 0x80800) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) connect$vsock_stream(r6, &(0x7f0000000280)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r8 = socket(0x10, 0x1, 0x0) ioctl(r8, 0x8912, &(0x7f0000000240)="c626262c8523bf012cf66f") openat$urandom(0xffffffffffffff9c, &(0x7f0000000440)='/dev/urandom\x00', 0x8180, 0x0) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x8e, 0x0, 0x5, 0x0, 0x1000}, @cstype3={0x5, 0x6}], 0xffffffffffffe0a) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000680)=ANY=[@ANYBLOB="010000096114c3e20850e09d03002f38855ca1f4f10a9ca444fe901ccc63846bff045e0e7775133d64e344439c508e11184b36f663594afdd66000000000dee651379318d40692f5ecb5d87f96af8ecb07c6efcd19919550a5fc00000600000000000000755e190835109f00000000001f000900bae6f44901cbcdc0bfc948ff410f94cd4402a79f4c"]) 06:00:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x48) 06:00:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x800800000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:33 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100000001, 0x2c00) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000180), 0x10, &(0x7f0000000200)={&(0x7f00000001c0)=@can={{0x3, 0x5, 0x800000, 0x5}, 0x3, 0x2, 0x0, 0x0, "b428650fa386f94c"}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x4040040) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") fstat(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TUNSETOWNER(r0, 0x400454cc, r2) r3 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x10001, 0x0) r4 = syz_open_dev$usb(&(0x7f0000000340)='/dev/bus/usb/00#/00#\x00', 0x7fffffff, 0x8000) signalfd4(r4, &(0x7f0000000380)={0x9}, 0x8, 0x80800) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000280)) r5 = dup2(r3, r3) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x32, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_G_STD(r5, 0xc0205647, &(0x7f0000000040)) setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f00000003c0), 0x4) 06:00:33 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 630.815840] *** Guest State *** [ 630.819520] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 630.847921] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 630.871340] CR3 = 0x0000000000000000 [ 630.875306] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 630.881500] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 630.888174] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 630.895142] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.904379] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.913068] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 06:00:33 executing program 1: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) sync_file_range(r0, 0x4, 0x4000000000000000, 0x6) r1 = openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x40000, 0x106) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r1, 0x8008ae9d, &(0x7f00000001c0)=""/222) mq_open(&(0x7f0000000000)='.\x00', 0x0, 0x0, &(0x7f0000000040)) r2 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x6, 0x1) r3 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x40, 0x0) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000140)=r3) 06:00:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x4000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 630.921397] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.929589] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.938358] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 630.947259] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 630.978540] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 630.987296] IDTR: limit=0x00000000, base=0x0000000000000000 [ 630.995934] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 631.004284] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 631.011160] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 631.018756] Interruptibility = 00000000 ActivityState = 00000000 06:00:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000240)={'syz'}, &(0x7f0000000300)="07000084f3e4017402dac83300f7542df8bbf85a05f4d6", 0x17, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000002c0)={'syz'}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) r2 = memfd_create(&(0x7f0000000140)='loprocprocsecurity)loppp0)\x00', 0x2) ioctl$VIDIOC_G_CROP(r2, 0xc014563b, &(0x7f0000000000)={0xb, {0x5, 0x7, 0x101, 0x3}}) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0x53, &(0x7f00000001c0)={&(0x7f0000000040)={'sha224-avx2\x00'}, &(0x7f00000001c0)}) [ 631.026269] *** Host State *** [ 631.029591] RIP = 0xffffffff8120427e RSP = 0xffff8801b8197390 [ 631.036388] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 631.057032] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 06:00:33 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x8000000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 631.080025] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 631.086116] CR0=0000000080050033 CR3=00000001d8e64000 CR4=00000000001426f0 [ 631.105390] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 06:00:34 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000001ac0), &(0x7f0000000000)=0xfffffffffffffd5d) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x2) r3 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x4, 0x40) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f00000000c0)=r3) 06:00:34 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000d08ff7)='/dev/sg#\x00', 0x0, 0x81) r2 = memfd_create(&(0x7f0000000040)='/dev/sg#\x00', 0x3) ioctl$BLKFLSBUF(r2, 0x1261, &(0x7f0000000080)=0x2) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(r3, 0x1004000000016) close(r1) [ 631.127605] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 631.150377] *** Control State *** [ 631.154296] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 631.181113] EntryControls=0000d1ff ExitControls=002fefff [ 631.186873] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 631.195532] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 631.203039] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 631.210270] reason=80000021 qualification=0000000000000000 [ 631.220097] IDTVectoring: info=00000000 errcode=00000000 [ 631.226297] TSC Offset = 0xfffffeabe4111a48 [ 631.231768] EPT pointer = 0x00000001c3e7701e 06:00:34 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x40000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:34 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070") pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000040)='u', 0x1}], 0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-pclmul\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[], 0xfffffdea) splice(r1, 0x0, r4, 0x0, 0x20000000003, 0x0) 06:00:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x8040000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x10) 06:00:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x804000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:34 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100000000000000001f00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 631.810114] *** Guest State *** [ 631.817251] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 631.849014] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 631.871884] CR3 = 0x0000000000000000 [ 631.877746] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 631.891594] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 631.905102] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:00:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x600000000000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 631.921816] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 631.939692] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 631.959619] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 631.977395] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.003858] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:34 executing program 2: write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f00000001c0)={0x7}, 0x7) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000100)=""/108}, 0x48) r0 = memfd_create(&(0x7f0000000000)='vboxnet0]]ppp0\x00', 0x0) ioctl$RTC_WIE_ON(r0, 0x700f) [ 632.033442] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.043881] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 632.064128] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 06:00:34 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x2000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:35 executing program 2: mkdir(&(0x7f0000554ff8)='./file0\x00', 0x0) r0 = open(&(0x7f00006c69d0)='./file0\x00', 0x0, 0x0) fcntl$dupfd(r0, 0x800000000402, 0xffffffffffffffff) r1 = open(&(0x7f00004a3000)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x80000008) fcntl$notify(r2, 0x402, 0x1) [ 632.092556] IDTR: limit=0x00000000, base=0x0000000000000000 [ 632.118014] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:35 executing program 1: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) connect$inet(r0, &(0x7f0000f6fff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6gretap0\x00', 0x10) recvfrom$unix(r2, &(0x7f00000001c0)=""/136, 0x88, 0x40000000, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4e24}, 0x6e) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000300)="cee82ae94272c5a23f5851c2f663094b6e814b8026c7ecdf3504cfc0e4e2d17d55c98ee94e5e5c375045284e18f68d3bae0cff581c14b155f394beb5c7eb20633ce2ec08bc4107a4aba977a17fba8c9d4aa6d9cb41e79c6485b20a31e521cf8f96ae84c853a894509a23b29814d13703b841fadd8f25613db7e1a4cf9eddf335ed6368072fb48183dd70f5725a9f5bd8388535f00337fc5e8c34369d3d737ce48b9ab975967bc3d1230c0db77fde351a8112533d16e49c6685e85fcb4f4d9e8eb1235a9d17324d5a12289c307d7b63091757c216baa2bed62493cb9a5e012e2cf540458283529718e07e7644017d22c05f9432f374af212296b7aaea09a8ff29b23d23154050bc073050ee7cb2d593d8fa821090f8e5f8beef14e50936bfe971ef5bd349c6eb4e58bbbb11fec9d5ed27af81381f49ca6b1f85e2fb93b0993b0942cebe43ff8ca99ee618e19fed6e92e1e5d9cc664e9d06adbc6ba863eed53cfafff073ade92fb69b954429c64a73ff327b035a114ad1da91d8decbcf22a9f471da0c87fb4a89855cba2c02eda1d3aecaf0265b872e230f37852e2079aa748454c85d233fc95956a254a15d4f9bec443c4067e4dbf4f0f67fbdfeaff7eea04925c8071b9bba21134738d1d58c8cc4562b4f08b8699120acffc7c56127548ae1415f6f6fb7247c9db87fbb4e32e448ddb31acaf2976f41e928b3130f578e0e0f7bf2be44cd2608e108235aa13719c461736e3e3c482ed544a3d4a1bee86217630ca702f2e6763ab1bc539895c65eae16780d8ad333240dd26d6bfafbb09087dea5753ef8331994de0739c7a9fb0f72ed74171063e98b5c699fbce19db5ee89ac61ca10c20fd8144045060d2e9fc6f821aa7b4b719a74d60eeca064040da81bf055fb0aeca96fa6082bd7012ce3c5afe5a37dda64a410fcdf79f179e1c9d9c236eaaddd2f18c936c8bbe1fdcf9f333611cefaa129642665bddc545ed343706b7bdbebc4303884894190a26f96c4c825a40267c2e5abc01b5eca28dca1746a7ffa438eb70fe71e12a38970bc38bbc6af631ac6945f72ee21db29ecb5588ca5602d694ed43f881332120c35c0ca8f36c429908d45fc5bb1c36f66f08325f185b7531396c9db537b7c3056cc70d13c63c5217b646a19ac893410d54f1e33f4c78dda0cb8530d5785bc25b2ebe23ffd2db3473e39a8316de33ab674bee4b1b2a30e9ba0b13b25a43947649af0aa5e4f8b8262a6e4daa0baf5d1d32f59eb16645eaf6a10054e943786c32ec9a7b263cde296439fd7342a3574dbc58e0dd294dd7d00b828713b1d6430ba9ac591d318ce386ca31bc37a437db6cfe384268a60be75703011bf6d4e1293dd0152207e241db6709ef7de45d57a095f1a1a6e6d3eb86ebd967f0eeebe3035467819f72bca4247184aea6aea3f3d0b2e4a29b79035e22f4b042b78ead328cb45c42fcb4904f478ea9d6ed032b0347909b2d00ae5b7b8307feaf198a9e0b67cc40aa738c60fb1b5dbe3a21b4e326d73277bf81c2d9726c6450780ead3213d2927ec8f919e50173da440f5d7abeb7c986ee5d9c6fb39cd0b3c2e3afc7e755876c443dace601bcb7705820adeed84547a7eeb383cae93c167ee8f09a8d6c116f4a68d26c7efb175127527779bd981b945583099c4a262f454c13bb9ded06843c952e2ff56b7cea34f6a74d038d524a8c09a5956a72e880758e5cd6d2c85891c92f614e991542927b7971aab5c3007c3e8a2caa1b7248ccd39a6c59a02caef4521128af21b9b500468546114597392cf2c14bf6a93d8f5a3047d03f8c799020873d4e92c27873069194119fecca24efa8e8921198d9f8c7560f4c58833006a34bdbb9a5540a1a980ded58251b47e55a1d2db8f3384d93a7931af1f72592a36518017b1ebb555e85ed62960ce154a450f5f0451d945e92af6786b0d8fc91634feafab7a1a9a908a6f9234cdbc7ff8d9271be52b335df451a183ca1818d3b941ffd0aad5b7a80eebf7878869f373c1834b4b057bdd45fae47903ec82e0cba83007756b0b1c7c039f90a79c0074610f3d4b7e80c6a0e3086a72b2eb0a260b5e795ef024344901067e148aba8cb248cc407eed65256ed5a8b988d621a820faf1688d86176b71541bf26f637d469dce2c006320e7a198c5af78ce04217cd35076d7c389c6da513daca72e0fa899c7720b17b8d857580fb68746a6d94952d96b1bb5e2d890dc4297b2bd42e6feeca3ce097a7494d8d509c27f5a183e7554914073ae8ae84bf5865e4f1b81927c9a895c9967427fcb40697cea3818a9da55d9b8e973115523341c224adea3e016dadec1794bae08627c85005249baef7c26666560af56eb268d63fa6da5067d666c34670627b5274ca2f1e54035b13d8e0953c695ffad7238950c7b9612221e44e1598bb625c9765a44d118b5d1abcdd6d6fcf2d767b310c15b9501ffd4e17734f5e81490b2f3dddb5d71f895c7e50219c3348909e335247b8ced5e871ecbfdfe9944f97caaade6b7b13014b60f47319e36246d3670cab602e6f84f9353c83879f1b5a8751f985de31d8180c6b3ff13dd16c54cfb28a9afed41ea64e0affd3df4f5ae0973df9e84a2329466247ff7e9ab98ef6ebe4e9b871fcaf0a41383c26ca089ad04d242da9fa7b6885f54f31fff967462225fa2db1668f767f1ad545159c3d9227b07e4019b763cc1bcafbf3f98a69e0ddf2bae0869a2b7bc26aad2278f72cedae4ba0282327b5a123d34e6d7b69cd9c65e9e58a7ccd9375746cd9e0bdb9e5d1f9d0ca55eb1c311dbf6a58c8b8e2cd3aa6fc0b4d575f175de62a32563e09b9256f5ccfe83983cf5b88952a157ac904dc9a2558f829db292067fe38c4e6e6c0c37f60d542e3aa058d2e8430021b87fde64ec2a842018f2d32d33b447b7e331129734aa82ee4a7da3ca00b90505b4439ffd1321d30fbc922c1f87feda3eb99f905e928d7a160ed55b16921d68851fe514f0a0720165b5f01486af5993e2743049671c6f226f8329b78fa01de287e3e973d924dc96cba179f9f434078203c8995de76e39187a336f78adef37532d9bab9c443d30e9bd9277b9d47479f2a53e854a6d1659a043e13fab7a3b80c2119ce4030e4d9245eace2701b96158b679535126365fc6e0d7730c42b4427fe548e631771508101dfa82e5e03325d5496da2680a9424bb6ebd37f1767630ac5e15e00701f8b7a422eaaa26a0ef252f591ebe18c4b5cfca0ab7ce40a37746b495cadd77c0d3ccf6bac767d0add468fb651f6599d96a1a12f3fa7b5dc4ece20560148dba2d056f9c5d93afa513a4cad49b7d3aaa2cb38dc614b1eb1a0325b44fe4dd587dd4196875c29e919bc2b99db1e96684b8290e6c4b1fe81d6620293dbfa0c481aa54b69e8c39d87269210723f3e61a01d59e1b4f4474f4aebffb79bbe80695e0de5faae396e3c8677459dd8e9e359022915aa6b81dce6e5fc40b1ff8f470db51d774b92b65f52762ab2f508ebe422eb1269208e1906de49284b0610d5478b60fc8b4489501a2f7406a74346197d03f0bbf53f31ded12b871bfa79de3e514e1144175e9c0d2c3d85fefad9c2003d4ed87aee2e6b3b92654650439dd240c0610bb97de23532771d7900698ea45e5c071683a965edf71556c8b78aba47af587f34b3844492acfe768ebf03b268f086940af1f1022d16e1ff6d0a55e9cf76b2c470d8873ce091d48b2637d208309419e524964b5cb26bda4fd3eea6daafd9ed2a1e6631d1639f06b38daf09353dd847683f593428860217b8356153422c028f99b5da0d2b23c23543187dbdf83789527c035713cf1375dadf29dc38becfbf62454763781fa18ba82845e744bbb788cd6e40b9b3e91284dd479511a3bcf6e704626172500b6e4775c0f5e8b79e5688f5740506caf2282ae7cd567b918636bb4c56ceaa804912406aaa5302a941c16d58b52665eae8c436016a5170b69e91de21571d28abc2f78f8a4f57c67bd9a36da865a61e1cd3ee934ffe4e3d3badb692b2ea6a2df509f6ffd6cd8516cacd079c363295b56cd6904998c1f5a62676cd3ed1d4948b118c8c7f358ca1d709484cc508aea60d23d439814d517f207f567379f0b7bc9093882c2e1840bcdecbed5a662bd373bbfcd38292cebe7959edd76583d99033e2399b124beb42b2969bafef75ba533458a54607851d43f4b8b0193d25c737f3e0a8ba467f9fb3f8d5f7d299de45da80da045ee4637a2a0ea7e9d887a1850578e6051dd1e612646e272215ec3558b47fbb6404ffb586c0ace590534cd6f25381eaf1692b86576e449c197a602a145e7fd454ebdaef37409693c4a8c1087b0dd29db17daf139887850475cf7a86010c79764929ec0e6dd36792cc8caefaf919622152a63408b2c404f58071c723a6a3966f5d36d8c82b5dd97f9098fb68ea5776ad1408d3cc871ec0e08ff876fa7dba4f82a97cb81ee48bece564eb891d36045823ef5916b0aeb651d8bf13b4cf71173b6606817f4174d0f84789038cb2d5609708008f8071195d7d8d1c56c7fc17e49234f466a1f44b584d08806b26924a3b3bcb9585e7dc10337bd6b0e0bd571afbde4f4d5b2620cf73a29fa0a7ac77086430b2ab67edfb2707c917ed27a0df09c46ebd0e9b2fe99e57c5c1695e187bcf0e8e8ce687d724f8af3e6addc7ecaf42f5ba95ba14eef665713a7d4ad929d26f6bb1e7f4066773177d37db5f7c319e76bbc78686c3f28c6b2d9928c16cb68ef8628ec981b77151cf63bc2f211315a47efe103d137ad12bc6093fa67bb73d137a655e26a87f7743627e6082b15206441e10bd5185d84ee526d88f877f11c698519ad2fb55910c426e3c4258bf18493182dc227507ddfc56aefcf39d8665b667a9eb35306ffd71460ef9f7c304909fc2e56b25f3de90c919430ef393f3d98599c0bc6fa3b170d5e780ed2f5640dd202f30e0385f9fcf17252d8f63eb2d246aae0ec78c71c769893e618c426e8d0b0dc85a7c103d962e0abca99061b6ef52ab8a6f4da6a85820e71b3c40fe617158d3d2df036723d2ee1ce478ed57ee841afdb3d746e6535000948eba5e57324fe4b77facf045b646d869e19d162511a3d72dc6a3efa1dc9458aa14e0d954cb3ebda20f33782de2ce816d08127c495c827dfa07f7f0e901964f01389a0aa54910ebe15161fa49a302735eae940912252b826a7151f0be7edf24fbe77cabdcf556f9a7d7a4cb112c2531af7a15c5df1ee56e03324ae50d852b4bd6af2ab3e2741f5d996d1b404a926748b59ca3e879985bfff97a1a5c083a0ca25d402813ef738c6ad40344004f1920799fca736dd29431d9fa6633991427b8b67fc5db8f58130ed1f3ebb54a3d92f346bafe0f69c3db7219cdd338e18410cd16af141a171d7e0da74ec37ef1729b1efa25326389497ecc97eb1e0e0acefcb9baca2d17e4b418df316208afa58623be762163f26cee07d9ec5bcfd3edb2e12e34c380f9562e023954a6379b12aca067c442486cb6aace195729611dc205046a95a655a750d727146f1d4d0da296a326854576b9c487f0224abe40bd23d23da979e6661bcbd461a15d10d12d29773542d1a1571505d4ae620d88903a238492d396936eddd1f50031fb0272305b12210ffc679cb85a5a6e3b4c6103d26966f311de8c180b146b2afa6244078ac7bd9e024b978418b79b6e9552f325ae270b94aa3cbbfdf6c5c691ac7b0b7d32661e1bf5a50d2ec2df2cee88c549adc6fa8aad80648cb9f8072cd86c01dca34e5ee552b1963ff2130dab015793410f8feea5341bf4e", 0x1000}], 0x1) flistxattr(r0, &(0x7f0000000000)=""/56, 0x38) writev(r2, &(0x7f000051c000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560284470080ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) [ 632.151698] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 632.158228] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 632.170285] Interruptibility = 00000000 ActivityState = 00000000 [ 632.186262] *** Host State *** [ 632.189585] RIP = 0xffffffff8120427e RSP = 0xffff88017e81f390 06:00:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x40000000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 632.201114] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 632.208103] FSBase=00007f09035c2700 GSBase=ffff8801dae00000 TRBase=fffffe0000003000 [ 632.217533] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 632.226545] CR0=0000000080050033 CR3=00000001c93de000 CR4=00000000001426f0 [ 632.276747] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87e01360 [ 632.289127] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 632.305343] *** Control State *** [ 632.308840] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 632.323117] EntryControls=0000d1ff ExitControls=002fefff [ 632.328623] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 632.335887] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 632.342851] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 632.349769] reason=80000021 qualification=0000000000000000 [ 632.349779] IDTVectoring: info=00000000 errcode=00000000 [ 632.349786] TSC Offset = 0xfffffeab5e018d0d [ 632.349796] EPT pointer = 0x000000018a2cd01e 06:00:35 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x1) r1 = dup(r0) ioctl$TIOCSBRK(r1, 0x40044591) writev(r1, &(0x7f0000001380), 0x0) 06:00:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x300}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:35 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x1f000000, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x200000000000000) 06:00:35 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) [ 632.733851] *** Guest State *** [ 632.739642] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 06:00:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x408}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 632.790103] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 632.799355] CR3 = 0x0000000000000000 [ 632.803530] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 632.812091] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 632.823762] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:00:35 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0x0, 0x1}, &(0x7f0000000180)=0x18) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0xffffffffffffffff}, &(0x7f0000000200)=0x8) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000240)=0x9, 0x4) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) lookup_dcookie(0x3, &(0x7f0000000640)=""/191, 0xbf) r4 = accept$alg(r3, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001f80)=[{{&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/95, 0x5f}, {&(0x7f0000000000)=""/62, 0x3e}, {&(0x7f0000000400)=""/55, 0x37}], 0x3, &(0x7f0000000540)=""/221, 0xdd, 0x100000001}, 0x4}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)=""/141, 0x8d}, {&(0x7f00000004c0)=""/5, 0x5}], 0x2, &(0x7f0000000900)=""/52, 0x34}, 0x7f}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000cc0)}], 0x1, &(0x7f0000000dc0)=""/80, 0x50}, 0x9}, {{&(0x7f0000001940)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001bc0)=""/118, 0x76}, {&(0x7f0000001c40)=""/250, 0xfa}], 0x2, &(0x7f0000001e80)=""/250, 0xfa}}], 0x4, 0x100, &(0x7f0000002140)={0x0, 0x989680}) sendmmsg$alg(r4, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x359, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) [ 632.836564] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.853650] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.861955] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 632.870703] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.878926] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x6}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 632.900712] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 632.921854] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 632.940313] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 632.951850] IDTR: limit=0x00000000, base=0x0000000000000000 [ 632.976745] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0x200200) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = dup3(r0, r0, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000002240)={{0x5000, 0x0, 0xc8afef65b84a950e, 0x81, 0x100000000, 0x10000, 0x7, 0x1f, 0x9, 0x11a, 0xfffffffffffffffc, 0xdbe}, {0x0, 0x10000, 0x4, 0x8000, 0x9, 0x7, 0x10000, 0x3, 0x8, 0xf32a, 0x1, 0x4}, {0x7000, 0x1d001, 0xd, 0xffffffffffffffff, 0x2, 0x3, 0x1f, 0x5, 0x7, 0xf32d, 0x100000001, 0x5}, {0x1000, 0x4, 0xf, 0x4, 0xfffffffffffff8a1, 0x20, 0xffffffffffff1f25, 0x3, 0x6de, 0x3, 0xfffffffffffffe01, 0x2}, {0xd004, 0x1000, 0x10, 0x3a57, 0x400, 0x9, 0x400, 0x6, 0x0, 0xffff, 0x2, 0x3b2d35e4}, {0xf001, 0xd000, 0x4, 0x3f, 0x7, 0xff, 0x5, 0x4, 0xdecc, 0x5, 0xa30000000000000, 0x3}, {0xf004, 0x3000, 0x8, 0x10000, 0x800, 0x2, 0xffffffffffffd346, 0x2, 0x7, 0x48, 0x0, 0x5647}, {0x10f000, 0xd000, 0x0, 0x800, 0x9, 0x0, 0x1000, 0x200, 0xe2d, 0x7fff, 0x0, 0xff}, {0xf000, 0x16000}, {0x100000, 0x5000}, 0x1, 0x0, 0x0, 0x2010, 0x5, 0x1900, 0xf001, [0x5, 0x2, 0xff, 0x7fffffff]}) ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0xe35) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f00000001c0)={0x80ffff, 0x0, 0x2080, {}, [], "b3a779db02950dcac6a301526bea20b277557688c043b67b25eb117d4abab7aef19d611800093cbc4bc028dc45d2e98561ec4d741a4c8a82bb37e4ca7292db59aff3c61857e8555c4d7e2cc9eb98cde0bf30e8c3a1a46c06313f54171a5ebc5fc84ad3e47f73ccc80087b8ad68be13af9ac28e811333e12a07df58d3a247e46b7ef7e620bb1ce99fe784bb8a5b911dd2ca904d4c9202734760e6ff27207051ac21d7f6db2254380a780069322fd6baa0f49ef3ffc87b6a168059b6e555ef9b7d17aee41ccbaa9882ded2cc9b89018e639f7223e27a11b0451dab9849946c89dfc6cd5fbc139f5dc0f1eafc8af848e78edab2fdead94c62c80107128bbfd57cb3ceb85dedecdeb676491d3dbc79f60ed25557038ff51262eca0b2596ed41dc3f500780c56d04bc2b12d3c6205688d171b95195e7f3c99d067c55489c8f8f54d9d9dcff8c940f19e1bc6939bd7be3e6463269d0cc860303d7f70601b44cbf17ef34c390f9b4d8cfd77020b21ecb48923e625a086502606ef353c3bb0528f7ec33bbbde8f248497939821860cfcab40518285b7571d904d42412d906aeb6baf9bc16fd9dff6dbf718f239aaebb2344a9cb5c5e679c7565fcdb13546be21452ee632d43ae420b7a1fbae40b4bd5d25e18e69f1c86c4dff51e328ad3449e254d0e31f8fb62fbd5d95e52a4ede4b5353be3bc9026453fa89c6a14d8deaee1db3249d6c3576b32d573cd55a1e8ec9dec734b8d49d011c0144a49fa44fb8b2fe4da3539fc144cff976c4a7cb6cf7dcc1c11b766e109438a0d6782558a8b3e6c081d240917d835df806c4aa49e8990216b49b5710c815e0e4bc6545a8a374d6b7591a80170b9f790f5d6dfa032372b3872feba4f548c3c1cfde0407236213896ba66c37158486b9865962c23af56518f525780325280953a9710e1a4ed005517e8e869a01754bd0ae05e6a990bf5a595683398f5af1589d819b47fd49328ec20511f0aa650099cbf93a2228ce38edf427e059dd80f562bcf85398cc028d99875fa50a4c0d61d8e9276ae9f1cbac68bfa57471a2adb0dc03c1bfd0dc45104e066cc4a56b5da0f840754ec2d01a4df61d1ef46ec5920a29767ba9c25356b3d4731fcd62b2cf82811de8abdc277e771b543cffdb06f212e4274a0b2709c5770540702e4afb3c3c6f504c4034381742a53ddf0969601a437a6d3644688cab50fa25c2ec304f25c92603cdc272dc8ec6e0304fae67ecd66f0f2f6e21bf5a9bb67de087a4f2e0a56e5519911aa1b5345fc518f1f8be87cc2fe205f51f29c9888f7f2d11eb7315a0f421d2949b0f2ae1e16cdd0fbcf3eac09e821330df43661af1db9f2448022cdc9400f3ea0d98bfff55537a768e35d7cf0586e9f2ff29576409e84083a5a495995f8487408fe631ee89999532a0f68dd2c5b9f57a74ad2a1f5b17542a540f32128790d3deb8d7c316f0fb013ab6605b30441ac097d51c7305610b18634cdaa199cdef4a2e1da571940a713299005ccca398eecf1d3a8f05d5b2c1fea80ce3fa95a941a184dff05158a4c358942f6913fda18f6ada13e181c60131c2f104a7d59691f6a7c5731ac3aa391ad8ecf6a405ec27e528477262172b4778df7df20107ae1a3f08a533c98bc693923fa1a21b61f139a7f6f00a3ff95ee846859ac33950044f8cdb0cb9c973b1229295e2ac4383deb6d4068ef9e1b8ce55b723362a3c0bf5601891719ed9468a8da462cf10ecf7759f55cfd2ee14bc2213debe21e3c54a5b56be0d4254c2644dca22de65fba8c9bda2b22ef84faa3501f3da1824b83af8031e9668fb611e3dea7ab56dd763e46a246a24116e25b620f5a4b201122b60c55bc91014fab9fdeaabf35633f9bc2a5b96fc89e79ec6eaa7ff2d92d1d7a34d692e7b811639062b5ab13d71667219af90aa72ac036155bc3561a6aa2f1d399ac6b4f6e205b99ce4fccebc1e4fb75fc939dfc007725188c770777fad39a54fa873876d44ced32499e08f479bb5de59f9f41a92428a13cc3c8e02cbd3036dec9d589d608af3362442563c0326258f032453937ebcc220754675c4ac47548112fc684c05b9a2c901d56f7eaf8507d19e16137a049086b331f975fd086d2b06c2f09266cab9e7ea73a4491be72ccfb7e06b92793e5cb42d6c1e4bf4ccf833cad81149bddf7546ca08798b176dd1ead417a3fb978632c6473ec7392ec519d9b5d990c0fe245e0f1f07e5b675481e298f470230cbe2b20214241162f49433dad89d51c3ba1b84ca7685f8d83198c3c471ce31202fe771fc8ae7314bb5c9919cbb824cc2183a458abc3818d2255da7e4e67e95ca0bcfb679dad50fea5edad4819c91006306ce0a3590f6f95b7be8b1463a021c4c0b763d620862296e93504543c1c1548f9d5c34c669041e9432c6246832d6009bfa2dcb650718a508586dc6172a36d8bae58a2682353a38f1afde84344b2617e88f322d01142b1900b7f78e03f9d3a6c42dba0d35ba7dbcc0088f470fcd2224e2cb0dc1a9f1296d0232616dc692f1306fe10619686ef7dfcf6d8762dadf0d5bf00092e50440acc047e0ce9108141122985caf18a365218552c6d227e9eaa2d1055f54f430fe33c307c95307400c55925e868af0f556d6895f2c167399d681660f666d4a7c1921baf9cc0cb1e87dacc6343ec54f6c5da9241bc56a3669009fed702c3d4cb4b072590d76d85eb9104744f0941be3b033d7c0bbddb40dce3ec6ed966090b5a8fc7a9ef8890dba88ea886b4ac88d8c776834bcdbac04b6b75d7152ff01495f961b26397f3addf542a2cc9db591dc328401eb1474c577bd7d77f470b87aedfd770afcabaf705c172a84f4999f56d4010125ae0ca94852ac6c5cf3c7c05770442102f60bbf8bdc92b4fc6b7ac1425601f8cd3480a9065887fccab645c4ee9ec839deb46ca47cb5dbe4ecdc75a8f5ba34ae06151b3ef666d663a62b249d9dec36cbd45e96825b33fd2eabda3437d0193bdea3a37ddfeef523bf2077e70c9ce23e1d6274217d2b24493d71e7cb23efdbb4158493add1679df686ff20a75ebb708c97aa25e252e0df44ec439060eb958a4c6bbb9529ce569501ee0112770fd3471df7d54539b450118ee66b908aa7b2e45a2c2df453cf914cd22c571ba89b323989175e997f72a43ea0713aa9336a3a47d41bce34f95fdde2c1dbc03797a88547550d5a11d5734e9af9590f7757778785238d6e0358279822a2522ca040a516933609634f1c9ff98d966d2eb182651c8c36ae25208b3e85b044c58bfc0674ef0dbb0810733dd917cc70b132a3712a4e1520fe7416a51c8200e9270a04c405db22bb49da2016d335846ad0364df05257ab21f048911e9e12a343cb50cfbc004591c22d0810a6af415bbcb6b050e7c912b64bac1542448f048efe294acdd8cbb5d4e0f4c144da8ea0f9a50b9722b9030dd314f2b82f77a82508c82e8f1595c04089bb4b9f7f9cf2225ed60e439370fd9ac33c73ce5ea465cac3aa6467d1a0f015fc61734ee8ee20dc423450d81d50e76182a5e6c082b544dddaa7a011271a60a786fb848e274170383b9cd22304282cc468f889e41accb2275b683720fc0eb8073d2e1f080cfbe13452ab8dda98ea0833a20a9f3e202ac8a4b045f4df81b083af7c2252d45fa0c61b7bf3e79129b297502292bdf325e70350d54ae7a6a35bec174c8d2bfb20c616789a2b6d1ba3a41adadc23e1f7e7c95e26e1f1c7c3fe0d47c29bcc23e75450aa7aa5583f36cb91ff57468a906289baac08c957866df514d667daf0296181e6c044e072eb05c076cd85ea83e609dd83d1f4765c4c36bcc057ef449fe9504eb2d3dc22367309c44d66d97b685eef1c5f8ae8461df6852b9f0ddfd8e19ee8f0dbd08913001c4c33f58fccc911e606fbba56bdd3c83471807c0c57ee194f0ca2d5952321c7eb317112afeaf4f2b71ab7f6980639299de49a14fb73e160cdce1ece1cc4b641d3c8aaa4c09d616a5c145cdc8d2e077e02a982341d41bcba6839bd93ce0744227f9d12eceacb8397f186cebf7da8dd57b31e29d237dfa62feccec898359d4a2f595efd1ae2713adafb2e53475e391bec570e5c49baae11e687301386c3ecbc4f207845632ad4f949f2447293d65bbf6ae33c3d3f800d124e9a049f62d179787b8a29de2063eb88d9643f079d68c12d077cefcac651f041335d0720b0b8565f469299270f17031134e87a6fedc4761fee8743c6c492f89ba9716f95cca0e6a5fcce476df4b2c32a85f6e02c7fe05e883d4bea24ffab63acbdd22be1895a4f63de60572b8389df6ce0d27f834bfa9eec505600c7325239a5409137b6aa19f6dc486d305597aebfaf542f2b738499e06f1ba9a5689bb9bcffd5b844037cb8cf63575620f969959fe7a37aebee0270a9aee534a6b8729471c6082618c83ef7b944af7ab8465596a0d73014079b7bc09105814f556db621209f5ae3072a357cb0e4a8c6f0f9647c5db8b024a85adc2a7431b02ea128c912a6f74c1e52e439ae514ea6fc0deed490a3a0cf41c0eba3b3a7c360212d85cb37b078b3d485051d1603ec9b222094e4a12d13222a44d07ed69948260a90a76ed2b3d0351c3ccb1a6869ce5f2453d4c61bd8822c0bfa2a41d5693e2b6ac35c435c8cb353e678c6edc3c0d173420c60f28595e793c7b0aeb37ed1acb0151d178273ce7f5531203157271cd45f591a4d2d0bcea1042fae9641935f13d3cd98d0637787a04e3d1f07430eade18b67dd9bf86882cee5dbb4fe5a3a8b9797c8d79c05c183b836af1dc0842692709917a5b9675d89637e22dd0f604431e3e29414cd42c87801a4fe32d6b83f76d3d94afaf92d53838afc6f3fe3b764832fe751492416a6391721e9e23b28e36f96b14e408e1394953ee8d2ed1161e18ca802c525e025b337d28d9d0a582140fdd61dbf1e48683d728a73e228cd635731ef43a97e6a4e93b2139b523ecb946b92e8689e4ff3d143ccfdc2798fd0a17627d4b29b619255d32e271c30ab5dfcba4ee4c85548e3c02ee4661893ed162faef0c84e630cd3b1e2c6c8449ae7606609dd183e493c2c2f86850367cfa10ef6cd460a5ca220dfdf26a7771274c47a3728385ce11b3a8d8226a10d962e699ee7a296ea2d758cdc465c153fa110bd3d59aa9d6af8eef35a26e52e638bb63368ba2212e3c799ded70ca003c9f5b5d988285721795012e9ab7b0178cd30d071b67098ae917d7fb396b3ea5258424073bb9c87c7db86074bb3b9b58ddd920cd8e4acd29255ca5706b322855a9e64019b2b081b263b22bb0c7b77c68b67e694398519b3467f25732cd46988ddcd6d7a0d5e49143bdab633a2e3e7ac4c623843ac1af6089c43170ac71806783a181c145dc87ef2c5ced0c08a3623f874fe69dd1c4e10a37eae05f6da141b70a6983b9d980b2c329a8ceb6ff7f174dff5e9f2896b663600520322cff1abffe356ba1fa49bbb76609ca62faf77e6fbb8a8d3830d9e0650a06664c6a5777ee90fdaf5f30ff55761a873092c39d67e62db43a90751bf70bc2a564d80150676cef4658395ace88b8fd6f7723ce2e70ce3db4207f9a34b1b1b886af446e9e34d2203a2c60a4fd7b5c41d793af95a1babfe35b93734f63fcdf5271f5fa35da451753d6ec48dafcd5d0b3f432c6c70116d10abe8d8c14210fc7039fe08cf36884f44efc73066196bf1c48f8620ca206d5928ed12d93dac5ec5c2cd43232b0057b88a20c36e4c1a7fd5fe659f4e915898daad9bb622eb0926bfaa0a9bc794f6a0b0ea5bcb019c73353d8e0e799b6e243e42518efa", "6bfc625e22de356ad9468426f3903b305400d1c9e9bba271c3c2efcbe01934ae743c319e344e429142ccba29dfc5032e6b9ac19e852eba0f8938acce75f388e12525055270c16c390c876028a48744eeb1267a9a439497bd4236fc54f8cc5336badf58d6e153155dc1c6328a52557cbe1e824354e44c0f81766574c41039f574eebf575a07a6af8637610714755a48f23498779392174e97b8cb37a3a1f97bc017877f1d220bc64a481d0e1375de8e9aca385391b34f1bb9e20451bcbcf700d8cfdb89732103a07db620447a465519b068fa4c8aa8c92b77b3116e17fe557a25ff2ca890bb6aa5980bbb5f073a1b2487352fdbd046bd83a072177675c3b196d5f84ef0d58e9f0e9af9a8cb2e5c689488c2b5119e38d912d84dc0f2d1892bd4e84b4a096e0d00c5698ac93a29e4fd2e9277f32ff66d040eccc766c52e2749a2207c7c3d3f4d8b249523a5a85366b09021ed5158a0df5c30632a816756129611af55e827cc9e656388684119530f1771eff1303ff57c11038c44bc7fda5dd6621ac46e23a9b9aaf287ff60754eb90448ebcb5068ca6434e08604993d4bbd7cac0863f1c3cde1122d540d86c09c2736a5634ba65e76905fedad572cf8501b6e81d9b6e6c0be86fa39fe070508f383c647d88e94f803ad1b5ebb29b555fdb27a4c597e5e216ce94c26cfc8294edddb8b0547820b6bebbc27dbb7061c6648e0fb5d3483a669d9d916f30befb6063da62acb01c6bdde77f558bf7bf42195dd089914f24e858254c264d96a91d7e1b63fd54653be49b0a8bc9f595e443764f14ccf07545221fecabe01fbae7cb2c19030c3bcd85d0b8ab7dbbbb063d77533a36de214fc1e50af7b7e15c60aa9afa75ae74dc765b026b2108740d7264b570dfa6c43c6e62b23cf7343bfa24558fee65fa06104cdb5850da9d873ba7cbfac2eeb4142e66d10d0a3d98cd16ded0d65c2e1d2016b5d2edd8b066278cf6f8a0adbb8697b6c6042a47d3fcaa5bcae7389b64ba6972ca05cf93ba50b957bb0647bc9182d783a3698e5ef00aa5da1951d30c9cb57fb6d81f2f5f1b48437e3de9bffcdefd7574b1ccf01298df6827224d41430db266f95286dd7381c29f5d0d60f4173c235a7039adc5031007a96d5769b389cdb33224a7ced9b0f2b1eeddb8d7bffefdf0cbafb468067d96b1362376419a43f9e0c70573c832df2448841a26dc6f3278441c698b5274ee01856e955a90ba3a4900b016bd7b12fefe85491ed14ca9c803186bb3612b0b994bf114da962f08681f1f79ad53ed95b1a3c78528b69ac1d2d0ea842818149f2c55a34fd08dd2168ff959bd264d3bf69708235bd34986e75bcd478e3b1c04655aa296cc60138b1a45dead0da6a5e918299f951ce31016bf264142108b1f10e80a3f450fd1c7b10dac9831d7563058600b053348be3a62e5b7c86470303d072b5c3d2c6b18bf1655b9cf5267cba97c32d78b9ede42fc950cd654b49a8484c0e2e95be1662f3d7db1834f6897d7f912fd554df1cd851fe2cf1364e56807bc8db0f07f87844bda4b6caddcb6a11027d51eb529592ee193d807fec209a69a4dae3ec07cc5a7c4d9223cd30ceae0cc75f7306c5d67016654acba081ac2920f4b95c3383b14d2efb7febac52bf07cc0ff55c6062505e6aacee995477cdc1feef2860d826d93e7301081b6dad5dd1641bdf8cd4a9a015e560e052550b6c77b0ce82246fe4ef97fbc7de4716cfa322404961e6f866326944ed4d90be9eca2d97c1968260f5ddb8f3148aff5251047626d667771b297c680a79dc283ec50bc604e274d629da3d24a178f10cf03c4e87b26132adfdbc264b962116fc4013057092ddfd3c406d435eaa93a35206190be27648a54649d3a05392125852a530616ec3b318761ed5ff3cbe6e6f2ff5bc8e49c3016dbeccc38b2f5b2358a484bab422b62dd17f7a7949180513ed52b05b138f2f9212b11b0830c12a525dd3968f6675b1a7a4b0a406406c468c0182677cb4ce739de2546b5fa29f29bb777fdb8b5e7902128f5c35cc76b295cfc692d9f3843e183b7355521cae1be0e0c7fb43f2ef236a1a422e6dec008a6b8e6c84f7e5176ee2877fb113573880850f927bc847565f5953f91b7bb7788013a6ddd311b0966503d59bf29d9d6e2f445dc0a82d60fa47f7a720593d765e7971e79b4427d360dd2ad8a2de47ab0ffa593ae766c8c5b5323872a888582729ec4cced2ba592ae4e0dbf16e7fd53abe128fabfe96b61b3a1494685725e93e239e700e23321b284ed7d2c939192772098a20649ccaab7c04924d937423829f893dbb4d89b34079e031dd4df1fef833662d47ce63bbb7fca5bcd87ba04047d91f93b5012d75078d19e3f543d77904832219be45b9f2b9b5d235493c78f15c64d7e75ccd72415ca6f5707b7f647bafcb5f64ccd350467ffa8deee3f31e5f5c1f772a687204942c12a1fcebca8e48f4435d16efb5590d05a30e37639ce3b335c5a4667c04fb3ecd884e226f4eaf5a7dcc16e22c0140324bdf7295542b35731877dbe2304c792d568b325f62d734f503dd8c43da513af050944b11acacfc11c236430ac13882fe366ce7f67c9a59a0ee8a906dd9995e915924587ba17174ce75b2f3b1261aab50e8bb9161ebfbe0734f66a62d184c3661f726ee52ba479f63f36497ab0311718d07fa04b6f3804171dfa8ea1f5ed249cac745e9730eda89316c3b9210c0eb216ad4c2df1b047ec2ea14e82db1a60d54d3a669fbdd960dbaf54f03c0e1882d75aeaf47ff9636b7fa44b4e893330ab572f6fc10c9ab9e4cffdef5f9e36478b92501a19289bd80f5a539688de0a27cc5459b24928752a48f7a334f35b0a4a3f138c189ba7182d545f14f13d764cd22f383d7c92c015135ffabe527f37facb2f2941925cf1d8bd0c8818890c692bbc3f748bd1f45af9c79a406a1e20467f7d146d631d667032e982c5e1069fbb7c81a53b44a468ccb404976b5d458660aa413b76d6f42ef895c513c63116ce4e2370fe6c2d8b1e20289090b551de9addf1715b4905e355804192a5c25e70f025ef1e6ea783952bc2d3d299c089999089437ee308da3f4ac26c4657c5a5f6c2a4e21bcbf81d8850fd774845ba3ab2837879ebfc94070fbf440cea6cf27e168598ee04525f7212bb3d94d29aada7ce43e264f809469b270dc41a6f98f4bf7125c272b32db74ddfd464f62392135ed13882096a4aa3b4d283d757c967b097fb7724f6ee95ce4f1765cefbbbe4d374db3eabfc19b9435df7dbf9d7dd1997b5ab086584b7f02381313b3be007fef27dda807f1fb2ec78c75cfc0429a6707edfae53f1a57ad2b54dbd5e59f67ca7ce094d50d6133cd169182d295af3b8ff9d133a06f4937a653e9b94eb584de8887b07b8847c6128488141864e34164603d0059fa75f1ba6950a4e1f2806ab1c6276de71d520d202a68e9afa63ab3a9d7823df72429756ed14cc2e6c74d27c736d94bd0125fdc743c671069931670c27064cff311cf659feaf62b3896ea47fa1646321a46000491f2b7b2ff1b2f6acdcd6b1cb924ce5e8422ca5e31f85a50508183c1b733a46de816544549a0dd6254e0fb0b49d54139c7a4f87ee1b6241a0c8a507158827753d79c5e0b933976f22672b992ec36471dc9760d8b31f0466a3bcad078705394ead004a503d9a69d713ef52528906a89aa6ec17362b0075613e729e13a3c2f96e3be48e6ecdd95466775adbbcbf36c39db842650ed5baed4e6e53a3adef8261f1bfb293a6c0f896c4055a6091040421b03890acd45345e137fbb0967dfe25d626dc3013f827b49f6af03dd2437d6e3d51b2873deb22f3b727afc208d57955d2ece89253ebc04d550a979049aeab7b4f497eb5bfe3fc14c959f79cec681b8a0f1e67b547b5461919b0472573b2d411da4f1eb7b6bf105bb496c9369d504b5c2b9054cb5af6d52dd1e1eb5cddbe22de281c629a7982cca587751e6b084a734815cdff990e46879d6f7f3c1dcb131dab1115899fc947f364712c41cd14d36762a5c969e5ddfc0fb0e32ed64cb16c88acc7ac01dab79820120f5ffab602b123c188b1f4e19fcc08bee7dd3a9633260f2af7f05cd1b2dd8633a840226c2e4097fdd2bfa77185c306b1a4c51b77eb5948f7e7f6a9afe624d80c2476cc044cee7b84833163151974215f5a1ade7c3f661c52278ba1aee551a5760e85d797fbdb90de44408e83e056085c4ebad0af5f1c0f804a76675dc0ef80bb95a2f3200b41573ff7b071c736f17a3a58efa00b7cf1f7c2e91ac50ccf95c47e2fb4cca9ac4234b942bc51c53651a97406ff34416a6cd28df3827d699779535a005e6558f18acf58cbef60290b802c0e1c839c14b7f77b903e7fcc9efbc1dff641df109080fcc77dab6a24a50af939b66b1e09187ed075b4489e1b869bc10b9555f826ee78ccdfb2e3962d772f1c322de8249e0a66c75e77d5252c34797dd77af09895efad58ae3690256a12c26c011da2daa75e055d040c6fbf57184a48e20b285871c87f725e824694f6f40013cf41d348662e56c5f5241f2a2d7a5b3484a6c0988d6c8fe33915b06370301db33b09ec85e0a344bb02647c0c92f382c600f59aad0e744d4e9e71820a290af491d8177faafd53b10f4588e030412e9b9a476b62549036796b17ddf9b54ad8f4e74a53d91fe29efd19b0620af5338fa05945509bb6b13d26e3c2a57aec14d15567c6b864a7eeaef79d060ea24a95101d07a4e5680420887cd3717abea625145431dae9b689049453650e91ccca11eb541b44fe4d3454a678ca3c9144ad69668d70fedd774144f4ac9b9b07df4630a709ebc1b992f69f9644ea0f6445c4be3a8b011b36ea2ca660f2baf3cf4c19b5235ac5d07249e497bc216cbfa9c5c9a535045a09c539fe952324f81f263e587fbe9c2035de91ddfe68ef7a977dd6141bbd3653f36c73fb3ec0929f0e21060d45230d93f6e34a1ee20ee3eca8e514237e18c69977a5bab614f9dd863686682bba0f2fdcae0c8e4baf3a322c93c8ca43555a92cce9917640c0cfac95cd4f69ab64303aaa6d48e9a0a7ee7a8df804b2997923e5b8b5841b6c56105926641d2bd239e5b0d6135c5b57c7e9f05edd0dbf1401dc018741fdc5081f9d7a74965a9573a2f4aa18affa9e7332a0e6982e514e1e9f483cfd9f5bed8185bf034b583023c216f0efd0caff2becaa368f6bf466e73f6f3c3725f9de4d3f1b478db07a4de41263b9fc5af75d160abd375dca38af2970cec01c847c4b90430d169c97210847e15030f61fef5fcd60ed0de004baf2cc5bcf9edace5e1df32fe865204df26ca30248852b1dcee3f519dadc1940d59e466020079f1ea1a9bdf16cf75be7e908a47b3bc861a8a4affe3c8e946c2c188d1b6f2fba22ff1e8144f47a06002750b2f2e7cda09f2763aa3a03bd40a2d5ab7da2d9db71f375a449ceca43fc997ce26401459d0bf9f6be403119e0936ee797e61754ed3e8798ed830758ab88f945e7cd3e00429d7658e2b442654e99089242901fe05c97dbe47c790a81122fca970a295681ae3fa1725e2b02aebeaca2d5f0c31c38936c58a6992f971a9b91d3957a96a18c4f7c43dc1b51e26dc7881b0f3b28e41936b7ebd744bde61a9f109c6c5c05793b5c22db6172c97fe4e985d0d93865b5a157ddb1e4fd66a1026589a98b0c8a38fd02c98a9c87f11482c62d4f3fa24831614cd3863654b910ab7add971d0021b80b937acd7f80eb8e55bd8e641b91bed249a040126b6dde9e935fb38c7b5246d58b2dcbda58cdb05f435d698097a"}) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000040)={0xffffffff, 0xb2, 0x10001, 0x4, 0x5, 0x3, 0x101, 0x8000, 0x989a, 0x1, 0x46, 0x1f}) [ 633.005157] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 633.017282] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 633.045428] Interruptibility = 00000000 ActivityState = 00000000 06:00:35 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0xffffffffffffffe0}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 633.060669] *** Host State *** [ 633.069659] RIP = 0xffffffff8120427e RSP = 0xffff8801d19df390 [ 633.077753] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 633.085062] FSBase=00007f09035e3700 GSBase=ffff8801dae00000 TRBase=fffffe0000033000 [ 633.137498] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 633.166434] CR0=0000000080050033 CR3=00000001c77a3000 CR4=00000000001426f0 06:00:36 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$VIDIOC_OVERLAY(r1, 0x4004560e, &(0x7f0000000040)=0x80) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) ioctl(r2, 0xc0884123, &(0x7f0000000040)) [ 633.202908] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 633.237141] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 633.268360] *** Control State *** [ 633.282043] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca 06:00:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x7ffffffffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 633.309545] EntryControls=0000d1ff ExitControls=002fefff [ 633.343587] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:00:36 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0xc001, @rand_addr}]}}}]}, 0x38}}, 0x0) r1 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x80800) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4) 06:00:36 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4, 0x3f, 0x0, 0xfffffffffffffffd}}) ioctl$KVM_RUN(r2, 0xae80, 0x300000000000000) [ 633.360222] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 633.367095] VMExit: intr_info=00000000 errcode=00000000 ilen=00000005 [ 633.375605] reason=80000021 qualification=0000000000000000 [ 633.382223] IDTVectoring: info=00000000 errcode=00000000 [ 633.388579] TSC Offset = 0xfffffeaada61bb45 [ 633.393180] EPT pointer = 0x00000001c3dd201e [ 633.537689] *** Guest State *** [ 633.542053] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 633.551028] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 633.559919] CR3 = 0x0000000000000000 [ 633.563717] RSP = 0x0000000000000f80 RIP = 0x0000000000000045 [ 633.569690] RFLAGS=0x00000006 DR7 = 0x0000000000000400 [ 633.575769] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 633.582456] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 633.594049] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 633.602183] SS: sel=0x0000, attr=0x04085, limit=0x00000000, base=0x0000000000000000 [ 633.610282] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 633.618539] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 633.627083] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 06:00:36 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc05c5340, &(0x7f0000000340)={0x0, 0x1f00, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:36 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4, 0x0) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000040)={r0, &(0x7f00000001c0), &(0x7f0000000140)=""/55}, 0x18) [ 633.635488] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 633.643644] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 633.651699] IDTR: limit=0x00000000, base=0x0000000000000000 [ 633.659967] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 633.667963] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 633.675191] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 633.683228] Interruptibility = 00000000 ActivityState = 00000000 06:00:36 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc02c5341, &(0x7f0000000340)={0x0, 0x0, 0x0, "71756575653100fffffdfd00"}) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, &(0x7f00000001c0)) tkill(r1, 0x1000000000013) 06:00:36 executing program 2: socket$can_raw(0x1d, 0x3, 0x1) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x0, 0x20, 0x0, 0x1}, &(0x7f0000000180)=0x18) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0xffffffffffffffff}, &(0x7f0000000200)=0x8) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000240)=0x9, 0x4) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000040)) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) lookup_dcookie(0x3, &(0x7f0000000640)=""/191, 0xbf) r4 = accept$alg(r3, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001f80)=[{{&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000380)=""/95, 0x5f}, {&(0x7f0000000000)=""/62, 0x3e}, {&(0x7f0000000400)=""/55, 0x37}], 0x3, &(0x7f0000000540)=""/221, 0xdd, 0x100000001}, 0x4}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)=""/141, 0x8d}, {&(0x7f00000004c0)=""/5, 0x5}], 0x2, &(0x7f0000000900)=""/52, 0x34}, 0x7f}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000cc0)}], 0x1, &(0x7f0000000dc0)=""/80, 0x50}, 0x9}, {{&(0x7f0000001940)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001bc0)=""/118, 0x76}, {&(0x7f0000001c40)=""/250, 0xfa}], 0x2, &(0x7f0000001e80)=""/250, 0xfa}}], 0x4, 0x100, &(0x7f0000002140)={0x0, 0x989680}) sendmmsg$alg(r4, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x359, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 06:00:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x2000}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) 06:00:36 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) fstatfs(r2, &(0x7f0000000000)=""/128) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000200)={0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x9, @empty, 0x7fff}, @in={0x2, 0x4e20, @rand_addr=0x6}], 0x2c) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x400000, 0x0) write$P9_RAUTH(r4, &(0x7f00000000c0)={0x14, 0x67, 0x2, {0x4, 0x4}}, 0x14) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000140)={0x7a, 0x0, [0x4000009f, 0x810000c0]}) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000001c0)='veth0\x00', 0x10) [ 633.710033] *** Host State *** [ 633.727065] RIP = 0xffffffff8120427e RSP = 0xffff88017ea2f390 [ 633.742814] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 633.760572] FSBase=00007f09035e3700 GSBase=ffff8801daf00000 TRBase=fffffe0000003000 [ 633.790012] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 633.797359] CR0=0000000080050033 CR3=00000001c77a3000 CR4=00000000001426e0 06:00:36 executing program 5: socketpair$inet_dccp(0x2, 0x6, 0x0, &(0x7f0000000900)) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x12001, 0x10000}) renameat2(0xffffffffffffffff, &(0x7f00000001c0)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x5) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f00000000c0)=0x10d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x40002, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0xf30c000000000000, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x0, 0x7fffffffffffffff}}, 0xfcf3) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280), &(0x7f00000005c0)=0x8) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) connect$vsock_dgram(0xffffffffffffffff, &(0x7f0000000180)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) [ 633.806043] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87e01360 [ 633.821797] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 633.832910] *** Control State *** [ 633.839290] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 633.851145] EntryControls=0000d1ff ExitControls=002fefff [ 633.863214] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 633.877185] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 633.884245] kasan: CONFIG_KASAN_INLINE enabled [ 633.888830] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 633.896191] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 633.902430] CPU: 1 PID: 21344 Comm: syz-executor1 Not tainted 4.19.0+ #318 [ 633.909452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.918832] RIP: 0010:__lock_acquire+0xa00/0x4c20 [ 633.923678] Code: 28 00 00 00 0f 85 3e 2b 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 aa 2c 00 00 49 81 7d 00 60 92 52 8a 0f 84 3d f7 [ 633.939453] kobject: 'kvm' (00000000c8c76ad5): kobject_uevent_env [ 633.942779] RSP: 0018:ffff8801bab3eff0 EFLAGS: 00010006 [ 633.942790] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 633.942805] RDX: 0000000000000039 RSI: 0000000000000000 RDI: 00000000000001c8 [ 633.942812] RBP: ffff8801bab3f378 R08: 0000000000000001 R09: 0000000000000000 [ 633.942820] R10: 0000000000000001 R11: ffff880183b98580 R12: ffff880183b98580 [ 633.942827] R13: 00000000000001c8 R14: 0000000000000000 R15: 0000000000000000 [ 633.942836] FS: 00007f132607a700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 633.942843] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 633.942849] CR2: 00007fc78d686db8 CR3: 00000001bbafa000 CR4: 00000000001426e0 [ 633.942861] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 633.949134] kobject: 'kvm' (00000000c8c76ad5): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 633.954425] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 633.954429] Call Trace: [ 633.954448] ? mark_held_locks+0x130/0x130 [ 633.954465] ? __lock_acquire+0x62f/0x4c20 [ 634.046694] ? lock_downgrade+0x900/0x900 [ 634.050828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.056349] ? check_preemption_disabled+0x48/0x280 [ 634.061349] ? mark_held_locks+0x130/0x130 [ 634.065602] ? mark_held_locks+0x130/0x130 [ 634.069840] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 634.074929] ? add_timer+0x62e/0x15a0 [ 634.078713] ? zap_class+0x640/0x640 [ 634.082410] ? mod_timer+0x1560/0x1560 [ 634.086345] ? crash_vmclear_local_loaded_vmcss+0x1a0/0x1a0 [ 634.092064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.097587] ? check_preemption_disabled+0x48/0x280 [ 634.102587] ? find_held_lock+0x36/0x1c0 [ 634.106653] ? kvm_arch_vcpu_ioctl_run+0x4237/0x72a0 [ 634.111740] ? print_usage_bug+0xc0/0xc0 [ 634.115789] ? lock_downgrade+0x900/0x900 [ 634.119941] lock_acquire+0x1ed/0x520 [ 634.123750] ? kvm_ioapic_scan_entry+0x7f/0x3c0 [ 634.128410] ? lock_release+0xa00/0xa00 [ 634.132393] ? handle_vmptrst+0x2e0/0x2e0 [ 634.136528] ? mark_held_locks+0xc7/0x130 [ 634.140660] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 634.146186] ? kvm_hv_setup_tsc_page+0xc9/0x6f0 [ 634.150854] _raw_spin_lock+0x2d/0x40 [ 634.154639] ? kvm_ioapic_scan_entry+0x7f/0x3c0 [ 634.159295] kvm_ioapic_scan_entry+0x7f/0x3c0 [ 634.163776] kvm_arch_vcpu_ioctl_run+0x3292/0x72a0 [ 634.168700] ? _raw_read_unlock_irqrestore+0xb0/0xd0 [ 634.173794] ? kvm_arch_vcpu_runnable+0x710/0x710 [ 634.178714] ? debug_object_free+0x32d/0x690 [ 634.183122] ? __init_waitqueue_head+0x9e/0x150 [ 634.187783] ? debug_object_destroy+0x2b0/0x2b0 [ 634.192439] ? __wait_rcu_gp+0x274/0x360 [ 634.196487] ? synchronize_rcu.part.53+0x104/0x120 [ 634.201415] ? synchronize_rcu_expedited+0xa0/0xa0 [ 634.206323] ? kfree_call_rcu+0x10/0x10 [ 634.210285] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 634.215804] ? put_pid.part.3+0x1c5/0x240 [ 634.219937] ? pid_task+0x200/0x200 [ 634.223594] kvm_vcpu_ioctl+0x5c8/0x1150 [ 634.227636] ? kvm_vcpu_ioctl+0x5c8/0x1150 [ 634.231859] ? kvm_uevent_notify_change.part.32+0x450/0x450 [ 634.237554] ? find_held_lock+0x36/0x1c0 [ 634.241604] ? __fget+0x4aa/0x740 [ 634.245045] ? check_preemption_disabled+0x48/0x280 [ 634.250047] ? kasan_check_read+0x11/0x20 [ 634.254191] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 634.259463] ? rcu_softirq_qs+0x20/0x20 [ 634.263422] ? __fget+0x4d1/0x740 [ 634.266859] ? ksys_dup3+0x680/0x680 [ 634.270558] ? __might_fault+0x12b/0x1e0 [ 634.274612] ? lock_downgrade+0x900/0x900 [ 634.278740] ? lock_release+0xa00/0xa00 [ 634.283135] ? perf_trace_sched_process_exec+0x860/0x860 [ 634.288581] ? kvm_uevent_notify_change.part.32+0x450/0x450 [ 634.294320] do_vfs_ioctl+0x1de/0x1790 [ 634.298196] ? ioctl_preallocate+0x300/0x300 [ 634.302586] ? __fget_light+0x2e9/0x430 [ 634.306577] ? fget_raw+0x20/0x20 [ 634.310101] ? _copy_to_user+0xc8/0x110 [ 634.314069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 634.319585] ? put_timespec64+0x10f/0x1b0 [ 634.323823] ? finish_task_switch+0x1f4/0x910 [ 634.328326] ? nsecs_to_jiffies+0x30/0x30 [ 634.332558] ? do_syscall_64+0x9a/0x820 [ 634.336513] ? do_syscall_64+0x9a/0x820 [ 634.340473] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 634.345082] ? security_file_ioctl+0x94/0xc0 [ 634.350012] ksys_ioctl+0xa9/0xd0 [ 634.353449] __x64_sys_ioctl+0x73/0xb0 [ 634.357327] do_syscall_64+0x1b9/0x820 [ 634.361202] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 634.366545] ? syscall_return_slowpath+0x5e0/0x5e0 [ 634.371462] ? trace_hardirqs_on_caller+0x310/0x310 [ 634.376480] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 634.381482] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 634.388128] ? __switch_to_asm+0x40/0x70 [ 634.392188] ? __switch_to_asm+0x34/0x70 [ 634.396247] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 634.401074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 634.406257] RIP: 0033:0x457569 [ 634.409435] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 634.428323] RSP: 002b:00007f1326079c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 634.436026] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 634.443286] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 634.450537] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 634.457799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f132607a6d4 [ 634.465050] R13: 00000000004c028e R14: 00000000004d05f8 R15: 00000000ffffffff [ 634.472318] Modules linked in: [ 634.475501] ---[ end trace a197c524dceb9cdf ]--- [ 634.480242] RIP: 0010:__lock_acquire+0xa00/0x4c20 [ 634.485064] Code: 28 00 00 00 0f 85 3e 2b 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 aa 2c 00 00 49 81 7d 00 60 92 52 8a 0f 84 3d f7 [ 634.503947] RSP: 0018:ffff8801bab3eff0 EFLAGS: 00010006 [ 634.509306] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 634.516566] RDX: 0000000000000039 RSI: 0000000000000000 RDI: 00000000000001c8 [ 634.523815] RBP: ffff8801bab3f378 R08: 0000000000000001 R09: 0000000000000000 [ 634.531074] R10: 0000000000000001 R11: ffff880183b98580 R12: ffff880183b98580 [ 634.538322] R13: 00000000000001c8 R14: 0000000000000000 R15: 0000000000000000 [ 634.545575] FS: 00007f132607a700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 634.553808] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 634.559670] CR2: 00007fc78d686db8 CR3: 00000001bbafa000 CR4: 00000000001426e0 [ 634.566924] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 634.574175] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 634.581435] Kernel panic - not syncing: Fatal exception [ 634.587983] Kernel Offset: disabled [ 634.591604] Rebooting in 86400 seconds..